Network Access Control (NAC)
- Georgiana Drusilla Elliott
Network Access Control (NAC): Planning a Successful Rollout and Implementation
Whitepaper
2011 ForeScout Technologies, Inc. All rights reserved.
Table of Contents
- Introduction
- Lay the Foundation
  - Know What the Objectives Are - Set Goals
  - Set the Standards for Success
  - Cross Functional NAC Project Teams
- Starting a NAC Deployment
  - NAC Goal - Control Non-Corporate Users and Devices
  - NAC Goal - Maintain Endpoint Compliance Across the Enterprise
  - Tips for Managing Policy Change
- Creation of a Phased Rollout Strategy
  - Uptime Enforcement
  - Site by Site Rollout
  - Policy by Policy Rollout
- Summary

ForeScout Technologies, Inc. Access ability.
Introduction

A primary security objective of any enterprise is to have comprehensive knowledge and control of all users/devices that move in and out of the network, ensuring that these devices are in compliance with corporate security policies. Basically, it is making sure that only the right users, with the right devices, gain access to the right resources on the network. The rationale is that, with this control, no device would be able to damage the network and sensitive data would not be compromised by unauthorized users. But with the vast complexity and unique nature of each enterprise, this goal of knowledge and control has been challenging and some would say unattainable.

With the emergence of Network Access Control (NAC) technologies, network administrators now have tools to gain this critical and powerful network understanding. However, care needs to be taken in selecting the right tool(s). A NAC solution will contribute significantly to an organization's business objectives by automatically enforcing network and security policies, preventing network downtimes, maintaining network integrity and meeting federal and state compliance regulations. So with this in mind, it is important to look at what a NAC implementation would require and how this type of tool can be successfully rolled out to maximize business objectives.

To achieve successful results, from the conceptual stage through implementation, project leaders should have a clear understanding of three key issues:

- Project Goals: What does a completed NAC roll out look like? What business challenges are solved by the NAC roll out?
- Success Factors: What key factors will play into the success of the project?
- Rollout Strategies: What is the best way to go from planning to implementation in order to ensure success without limiting productivity?

This document will cover the basic questions that need to be addressed before attempting to implement a successful NAC roll out. Every enterprise is different and will have different nuances to how a NAC implementation will work within the physical network and within the corporate culture of the organization. It is the goal of this document to provide several options of how to systematically and effectively institute access control policies and enforcement, while continuing to preserve uptime and productivity.
Lay the Foundation

There are several issues that need to be addressed at the conceptual stage in order to lay a solid foundation for a NAC project. Having a good understanding of how to answer the basic questions will provide the right base from which to guide NAC rollout decisions, and will help NAC project leaders gauge their progress. In general, when setting the groundwork for a NAC roll out, it should be possible to answer the following questions in detail:

- What are the main objectives of the NAC roll out?
  - Enforcing baseline security policy
  - Access control of network guests/contractors
  - Role based access
  - Keep worms out
- What constitutes success?
  - Meeting roll out time line
  - Enforcing policy
  - Maintaining uptime
- Who is involved?
  - Each stage of the roll out
  - Policy creation
  - Employee notification

Know What the Objectives Are - Set Goals

Today's network challenges have grown beyond dealing with traditional security threats (i.e., worms, viruses, spyware, etc.). Now business leaders are also coping with issues such as end point compliance, network integrity and availability, legal compliance, WAP control, confidential customer data, protection against hardware theft, privacy and more. With appropriate planning, the right NAC tools can handle these issues, but it requires spending sufficient time formulating goals that meet specific business needs. Some common goals include the following:

- Eliminate network access to non-corporate users and devices across all sites.
- Ensure all corporate devices have the necessary patches and software versions.
- Eliminate usage of non-compliant software on all end points.
- Achieve regulatory compliance (e.g. Sarbanes-Oxley).
- Eliminate zero-day worm outbreaks.
- Detect and disconnect all rogue wireless access points.
- Ensure that servers containing customer data are properly patched and secured.
- Ensure that servers containing customer data are only accessed by credentialed users.

These policy decisions cannot be made in a vacuum and must pull from a variety of corporate resources. Gathering information is critical both to understanding what the needs of the organization are and to implementing a NAC solution that will contribute to the overall business goals.
Set the Standards for Success

A NAC project will excel when it is tied to a comprehensive list of business and technical success factors. In fact, these factors will be crucial when making decisions and measuring progress at every stage of the project's design and rollout. Making sure that NAC policies, procedures, strategies and related network processes meet the standards put forward here is essential to the success of the project.

Business Success Factors

- Minimal Disruption to End-User Productivity: Policies should have minimal negative impact on end-user behavior, processes and productivity. For example, policies should:
  - Avoid rash sweeping sanctions that have the potential to disrupt business continuity.
  - Pinpoint and manage non-compliant users/devices only, and ignore the remaining compliant enterprise.
  - Ensure that NAC processes are transparent to end-users and don't change their work patterns. For example, when logging in, use existing authentication methods.
- Education and Awareness First: When appropriate, NAC policies should first serve to raise awareness of security and compliance issues and only in the most critical circumstances be used to impose immediate sanctions. Successfully educating and training the enterprise about security and compliance will naturally reduce the number of policy violations while still being able to take hard action when personnel do not comply with network policies.
- Direct Personal Response: Verify that NAC policies and processes speak directly and personally to non-compliant network end-users in real-time, and automatically track the progress they make towards compliance. Each network user will be handled on the merit of their compliance status and addressed in direct response to specific violations they carried out.

Technical Success Factors

- Intrusive Deployments vs. Minimal Impact Deployments: The ideal NAC solution would not slow down network response times, add latencies or drain network resources. The greater the impact of NAC technology on network operations, the greater the resistance and delays in achieving full implementation.
- Client Based vs. Clientless Deployment: The ideal NAC solution would not require any endpoint installations (i.e. agent, client, shim, etc.) to carry out a deep inspection of the connecting device. Clientless deployment minimizes the IT and support effort required for end point installation/maintenance and expands the flexibility of which devices can be inspected. Additionally, clientless NAC provides the ability to extend NAC functionality to non-user based networked devices (i.e. IP printers, fax, VoIP phones, etc.).
- Rigid vs. Flexible Deployment: The ideal NAC solution can be deployed according to your networking needs, i.e. at the distribution switch level, access switch level or at the core switch, without requiring any change to the existing network configuration.
- New Equipment vs. Working with Existing Network Devices/Services: The ideal NAC solution integrates with existing infrastructure, rather than requiring changes to it. This means the NAC solution would work on top of existing network equipment, avoiding the need to update switches and other key network devices when deploying the NAC solution. Such changes to underlying infrastructure carry greater risks and significant expenses, and drain the time of limited IT management resources.

In addition to the physical infrastructure, the NAC solution should leverage existing application infrastructure as well. For example:

- Identity Management Systems (LDAP/Active Directory) can be leveraged for obtaining user identity information.
- Trouble Ticket Systems can be leveraged for tracking detections of non-compliant users/devices.
- Authentication Services can be leveraged for performing authentication.
Cross Functional NAC Project Teams

Who to Involve?

NAC projects require expertise from a variety of corporate resources. When setting objectives and goals for the NAC project, it will be important to get perspectives on what is important to the organization as a whole. Network security policy creation needs to be done with this perspective in mind. This input will make sure that all parties are well aware of the NAC initiative and give them the opportunity to voice concerns that are relevant to their role within the organization. Corporate resources that should be consulted in the process of building NAC policies are:

- Network: For integration with the network infrastructure.
- Security: For defining and implementing information security policies.
- Legal: For understanding regulatory requirements and the impact of the project on compliance.
- Helpdesk/IT: For desktop/laptop configurations and patch deployment.
- Human Resources: For interacting with end-users and notifying them of corporate policies.
- Operations: For handling response procedures and policy deployment scheduling.
- Management: For prioritization, business impact decision-making and high-level budget issues.

In this process, broader input will improve the effectiveness and thoroughness of the implementation and help ensure the success and buy-in of the entire corporation. This will be a key factor for success as the first stage of implementation begins and as sanctions start being applied.

Starting a NAC Deployment

As a first step, the NAC team should decide how to best translate goals into policy requirements. Writing policy requirements will likely involve reviewing IT processes, examining regulatory and corporate policy requirements, identifying how to leverage network infrastructure, incorporating third party systems and more. Below are examples of common policies and how they have been translated into a NAC framework.

NAC Goal - Control Non-Corporate Users and Devices

The goal is to control network access for non-corporate users and devices across all campuses. The following illustrates how the policy requirements for this goal might be defined:

Policy Requirement 1: Visitor Access in Conference Rooms
- Policy Action 1: Identify guest devices in specified IP range
- When to Apply Policy 1: Upon connection to the network
- Policy definition: In conference rooms, automatically limit access to non-corporate users (visitors), allowing them Internet access only, while allowing full access to corporate employees.

Policy Requirement 2: Visitor Access to the Production Network
- Policy Action 2: Identify non-managed devices attempting to connect to the production network
- When to Apply Policy 2: Upon connection to the network
- Policy definition: When physically attempting to connect to the production network, non-authenticated users will be denied access.

Policy Requirement 3: No Rogue Wireless Access Points (WAP)
- Policy Action 3: Track down and remove rogue WAP
- When to Apply Policy 3: At every first connection to the network
- Policy definition: Wireless Access Points are prohibited across all offices, including remote branches. Any discovered WAP must be automatically disconnected from the network.
NAC Goal - Maintain Endpoint Compliance Across the Enterprise

The goal is to constantly maintain compliance with network policies on all corporate hosts. The following illustrates how the policy requirements for this goal might be defined:

Policy Requirement 1: All Critical Vulnerabilities Must be Patched
This should be tested upon admission as well as on a regular basis. If not in compliance with an identified critical vulnerability, a suggested action would be to automatically isolate, patch and then release machines once remediation is complete.

Policy Requirement 2: All Machines Must Have Updated Anti-Virus Versions Within X Days
This should take place upon admission to the network as well as on a regular basis. If not in compliance, a suggested action would be to inform the end user that they are not in compliance. If the warnings are ignored, the NAC solution should allow for automatic isolation and force remediation of the outdated anti-virus versions.

Policy Requirement 3: Only Allow MSN Instant Messaging on Corporate Hosts
Users may only work with the MSN instant-messaging service. All other IM applications may not be installed and, if detected, the service will be blocked.

After policy creation is complete and enforcement actions have been decided upon, it is critical to individually test the policies to ensure complete understanding of the estimated impact of imposing a rule, just in case the rule and related response for violation were written poorly OR the degree of non-compliance is so great that enforcement would bring the network to a halt. For NAC best practices, after the policy is implemented, rules should always be implemented in monitor mode (where the NAC administrator can see what impact the rules would have across the network without enforcing the rule in real-time). This will significantly help the NAC manager's ability to assess the degree of compliance and/or the properness and effectiveness of the rule's creation.

Once the policies have been written, tested, and reviewed over a reasonable period of time in monitor mode, then formal rollout can begin. Implementing the rules in real-time would be phased in over time, rule by rule, as will be discussed in the next section. Rules should be enforced one at a time to ensure the viability of each rule. This allows the roll out to proceed with a full understanding of what the impact of each policy is, both individually and ultimately on the full network. See chart below.
Tips for Managing Policy Change

- Predict how a new policy will affect users: Have a complete understanding of what users will be required to do in order to comply with any new policy. Identify where potential problem areas/groups might be (i.e. remote or traveling users) and make a plan to address these areas/groups before implementation of the first policy.
- Inform users of a policy change before it happens: Make sure that all users who will be affected by the policy change are fully aware of the policy and the potential consequences of non-compliance.
- Offer users the ability to reach compliance before the policy is implemented: As part of educating users on the policies that will be implemented, provide the appropriate links or directions as to how the user can become compliant before sanctions are imposed. This can be an integrated effort between IT and HR to ensure users have all the resources necessary to facilitate the change.
- Automate the response to eliminate calls to the help desk: As part of the network response to a violating user, leverage automated processes (e.g. automatically opening a trouble ticket or linking to the anti-virus server for definition update) to help bring end users into compliance without creating more work for the help desk.

Creation of a Phased Rollout Strategy

After determining policy requirements and deciding how to handle enforcement for non-compliant devices, a phased rollout plan should be created. This process will help determine which of the rules should be implemented, one at a time, and in which order. Having tested the rule(s) in monitor mode, the implementation team will have sufficient knowledge to determine which rules should be enforced and the type of enforcement that should be used. As a general rule, the phases of rollout are a judgment call by the organization. Consider that the policies most important (or simple) to roll out are the ones that will potentially deliver the greatest results.

There are several ways to approach a phased roll out, but all should generally fall under the banner of Uptime Enforcement. This focuses the attention of the team on the primary goal of a NAC implementation: secure the network, enable productivity.

Uptime Enforcement

Most NAC implementers consider two states: compliant devices are allowed on the network, non-compliant devices are blocked even if the policy violation is not critical. Often, blocking is premature and only causes disruption to business continuity and significantly impacts end-user productivity. Enforcing NAC policies through blocking mechanisms effectively holds back business operations or causes unnecessary downtime at the desktop.

Uptime Enforcement extends flexibility to the network administrator to act appropriately based upon the severity of the policy violation. For example, X is a policy that would most likely call for immediate compliance: work/connection to network resources must stop until the device is brought into compliance, and only then can access be allowed. Y is a policy that might allow a few hours or days for compliance. In the meantime, users could continue to be productive without having to drop everything to take care of the remediation. If the user does not comply with policy notifications and warnings, at that time a more drastic sanction can be imposed.

Uptime enforcement is a strategy that lets the network administrator maintain end-user uptime while simultaneously enforcing NAC policies. Uptime enforcement means that when swift, aggressive action is not essential, NAC policies should give the enterprise a chance to catch up to compliance demands, without enforcing harsh sanctions, or any sanctions at all.
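The monitor-mode testing and severity-based grace periods described above can be sketched as follows. This is an added example, not code from the whitepaper or from any ForeScout product; the policy names, grace periods, sanction labels, host inventory and the 15% impact threshold are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Policy:
    name: str
    grace: timedelta  # time allowed for remediation; zero means comply immediately
    sanction: str     # action applied once the grace period has run out


@dataclass(frozen=True)
class Violation:
    host: str
    policy: str
    first_seen: datetime  # when the violation was first detected (assumed grace start)


# Constructed policy set: names, grace periods and sanction labels are assumptions.
POLICIES = {
    p.name: p
    for p in (
        Policy("critical_patch", timedelta(0), "quarantine_vlan"),    # an "X" policy
        Policy("antivirus_age", timedelta(days=3), "quarantine_vlan"),  # a "Y" policy
        Policy("unapproved_im", timedelta(days=7), "block_service"),
    )
}


def planned_action(violation, now):
    """What enforcement would do: notify inside the grace period, sanction after it."""
    policy = POLICIES[violation.policy]
    if now - violation.first_seen >= policy.grace:
        return policy.sanction
    return "notify_user"


def decide(violation, now, enforcing):
    """Return (applied, planned). In monitor mode the only applied action is logging."""
    planned = planned_action(violation, now)
    return (planned if enforcing else "log_only", planned)


def impact_report(violations, total_hosts, now):
    """Per policy, the fraction of all hosts that enforcement would sanction right now."""
    hit = defaultdict(set)
    for v in violations:
        if planned_action(v, now) != "notify_user":
            hit[v.policy].add(v.host)
    return {name: len(hit[name]) / total_hosts for name in POLICIES}


def rollout_order(report, max_fraction):
    """Policies whose impact is tolerable, lowest impact first; the rest stay monitored."""
    safe = [name for name, frac in report.items() if frac <= max_fraction]
    return sorted(safe, key=lambda name: (report[name], name))


def sample_violations(now):
    """Constructed monitor-mode findings for a 20-host site."""
    found = [
        Violation("pc-01", "critical_patch", now - timedelta(hours=1)),
        Violation("pc-02", "critical_patch", now - timedelta(days=2)),
        Violation("pc-03", "antivirus_age", now - timedelta(days=1)),  # still in grace
        Violation("pc-04", "antivirus_age", now - timedelta(days=5)),
        Violation("pc-11", "unapproved_im", now - timedelta(days=2)),  # still in grace
    ]
    # Six hosts have run the barred IM client for longer than the grace period.
    found += [
        Violation(f"pc-{n:02d}", "unapproved_im", now - timedelta(days=10))
        for n in range(5, 11)
    ]
    return found


if __name__ == "__main__":
    now = datetime(2011, 6, 10, 9, 0)
    findings = sample_violations(now)
    report = impact_report(findings, total_hosts=20, now=now)
    for name, frac in report.items():
        print(f"{name:15s} would sanction {frac:.0%} of hosts")
    print("enforce first:", rollout_order(report, max_fraction=0.15))
    for v in findings[:4]:
        print(v.host, v.policy, decide(v, now, enforcing=False))
```

With this data the IM policy would sanction 30% of the site, so it stays in monitor mode while the other two rules are enforced one at a time.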
Uptime enforcement works because it addresses the source of non-compliance before reacting to it with consequences. In general, the cause of non-compliance falls into three categories:

- Non-compliant IT process: for example, corporate antivirus licenses that were not renewed and have expired.
- Uneducated end-users: for example, employees that are unaware of a company policy that prohibits them from using P2P applications. In general, this is the most common cause of non-compliance.
- Non-compliant end-users: for example, end-users that know about a company policy prohibiting the use of P2P applications, but still run them.

Typically, uneducated users comprise 60% - 70% of all network security policy violations. The uneducated user does not have malicious intent, but rather is unaware or chooses to ignore company mandates. For these users, the decision may not be to block access, but rather to track and log activity, keeping the end user productive.

Uptime Enforcement can be achieved by working with policies that push forward a logical process of elimination when dealing with the source of non-compliance. This can be achieved through a systematic approach:

- Step one: discover and review non-compliance of devices, users, and user behavior.
- Step two: launch an education program for employees, verifying that they understand the corporate network security policies.
- Step three: address users who have been educated as to the security policy, but refuse to adhere.

Why is it important to work according to this process? Following this process ensures that you achieve compliance while minimizing the disruption to network users, applying sanctions only when absolutely necessary and on a very well defined and typically relatively small group of users.

1. Evaluate Current Compliance of Network

The NAC solution should automatically locate non-compliant end-users and devices without imposing sanctions. This step is focused on eliminating any systemic problems (outside the control of the end user) which have made an unaware end-user non-compliant. Evaluating the nature of the problem will show if non-compliant devices or behaviors are the source of policy violations. Addressing these IT processes will significantly reduce the number of challenges in implementing NAC.

For example, if you find that an extensive number of network machines don't meet patch level requirements, it could indicate that:

- Desktop provisioning issues may need to be corrected.
- Patch management system may not be operating properly.

2. Educate the End User Directly

After addressing/eliminating any background IT problems, there should be a reduction in non-compliance levels. However, if the level of non-compliance is still high, it is indicative of users who are unaware that they have breached policies, or have not been taught how to comply with them. This can be addressed by a NAC-powered educational policy.

What is the purpose of a NAC-powered Educational Policy?

- Directly and personally draw non-compliant end-users into the compliance process.
- Raise their awareness of compliance and security requirements.
- Help change behavior, forcing compliance, without reducing productivity.

How does it work? Non-compliant users are notified via automated, personal, directed and/or Web notifications. These notifications are delivered at the time the violation occurs.
A NAC-powered educational policy can be as simple as rolling out a Web-based company reminder that informs network users when corporate policies are initiated or changed. For example, a policy informing users via the Web that only a specific instant messaging system may be used in the enterprise or that P2P applications may not be used. Additionally, the right NAC solution can:

- Further the educational process by delivering to non-compliant users a URL link to the policy document, and requesting that they read the policy and select an "I agree" button for confirmation. Reports can be generated periodically to keep track of and address users that have not confirmed.
- Set up a cleanup campaign with the Helpdesk to assist in uninstalling barred applications. The Helpdesk will be automatically provided contact information, lists of barred applications, and the IP/MAC address of detected machines.
- Temporarily hijack the non-compliant users' Web sessions with a message indicating that blocking sanctions will be applied if barred applications are detected on their machines after a specific date.

Rolling out a NAC-powered education policy typically leads to a dramatic increase in compliance as it addresses the most common cause of non-compliance: unaware/uninformed users.

3. Enforce Policy on Non-Compliant Users

After NAC-powered educational policies have been rolled out, there should be a good understanding of the number/percentage of non-compliant users. In all probability, the level of non-compliance at this stage will be quite low. By this time, the end user should be aware of the policies and if they choose to continue to violate the policy, then they will be subject to sanctions. But even in this case, the NAC solution needs to provide several graduated enforcement options and not simply deny access. At this point, it needs to be very clear what sanctions will be used and how those actions should be carried out on users/devices that do not comply with the NAC policy. Some common examples include:

- Assign the device to a VLAN (Quarantine VLAN, Guest VLAN or Remediation VLAN).
- Block the device at the switch.
- Prevent Internet access.
- Prevent access to the corporate network or to segments of it.
- Prevent access to specific servers.

Impact of an Uptime Enforcement Deployment

Phasing in NAC policies will achieve a quicker mean time to compliance with minimal network/user disruption. The graph below illustrates how stepping through the Uptime Enforcement process will significantly reduce the number of non-compliant users without the need to impose hard sanctions. By the time sanctions are required, the focus will be on the small number of real policy violators.

[Graph: stages of an Uptime Enforcement deployment]

- Audit: Understand the current state of compliance in the network. Use information to create policies.
- Inform: Inform users of policy changes. Give users a chance to change behavior before imposing sanctions.
- Educate/Train: Use soft enforcement and reminders to policy violators. Offer easy or automatic ways for a user to become compliant.
- Enforce: Block or limit access to policy violators. Offer easy or automatic ways for a user to become compliant.
Site by Site Rollout

NAC project leaders are often tempted to roll out NAC policies across all enterprise sites simultaneously. However, until the ramifications of a widespread deployment are understood, NAC project leaders should consider a phased implementation, even if the policies will eventually be deployed across the enterprise. Many sites operate under unique work procedures and site-specific requirements which may be unknown to the central administrator but critical for the site's day-to-day operation. For example:

- At a remote site, a mission-critical Web-based application only runs on a specific Internet Explorer version. However, a corporate NAC policy prohibits the use of that version of IE. The policy may need to be adjusted to meet the specific site requirements.
- A NAC policy requires that all end-users work with a specific version of Windows Office. Marketing departments, however, require a higher version in order to create marketing documents. The marketing department cannot be inspected for this policy.
- A NAC policy only allows the use of the MSN instant messaging service. Partners working with a support site, however, only work with Yahoo instant messaging. The policy will have to be adjusted for the support site, or the site may be exempt from inspection for this policy.

Choosing the First Site

The first location for a site by site roll out is critical to the success of the overall NAC implementation. It is best to select a site that is well managed and whose infrastructure is well documented. Particular attention must be paid to understanding the network's response to the policy enforcement, measuring how effectively non-compliant end-users comprehend policy changes, and the response to the policy and actions imposed. When choosing the first site, it should be:

- Well-managed, i.e. documented and understood support infrastructure and an IT administrator.
- Physically close to your security and networking teams.
- Stable environment (network devices are not frequently added, removed or updated).

Site by Site Roll Out

Rolling out on a per site basis allows for the fine tuning required to ensure no disruption to legitimate business processes. Each site will have its own unique characteristics that will need to be understood and addressed. This methodology should be coupled with a policy by policy practice (see next section) to ensure maximum understanding of the impact NAC policies will have on the enterprise.
Policy by Policy Rollout

It's natural that NAC project leaders will want to implement all NAC policies as quickly as possible. However, rolling out too many policies concurrently, even within a single site, won't give the network administrator enough time to evaluate the results of each policy, its accuracy and its ability to be implemented, and to understand its impact on the network and network end-users. Time must be invested in fine-tuning each network policy before moving on to another. (see chart below)

Policy by Policy Roll Out

Therefore, each policy review should answer the following questions:

- Did the policy pinpoint the right users and devices?
- Were network users responsive to the policy?
- Were processes implemented effectively?

Did the Policy Pinpoint the Right Users and Devices?

After running a policy, it is not unusual to discover that devices and users detected during the inspection process should really have been kept out.

Policies should be run individually for the purpose of verifying that they inspect what needs to get inspected. Following through with such fine-tuning will significantly reduce network disruption and improve the effectiveness and value of the policy.

Some common examples of users and devices that should be excluded from policy inspections are as follows:

- VIP users. These users should always have full network access regardless of any policy requirements.
- Security auditors and network administrators who will need access to all network resources and services, regardless of policies.
- The policy enforces patch level requirements on network devices at a local hospital. However, some medical network devices prohibit the installation of patches. These devices should be excluded from the inspection.
- The policy requires that every device must authenticate at network admission. Network printers and other network equipment should be excluded.
Does the NAC System Handle Automatic Device Classification?

The NAC solution should support automatic classification of devices, which makes it possible to use a device category alone as the criterion for inspection or for exclusion from the inspection process. For example, automatic detection and classification of network printers can be achieved by working with NAC solutions that automatically recognize printers as they enter the network. Otherwise, the administrator has to create specific exception lists by extracting the information from inventory management systems and update them every time a new printer is installed.

No Hits?

After running the policies, it may be discovered that a relatively small number of detections were made. This may indicate that the policy inspection scope is too narrow, and is missing users and devices that should be inspected. If this is the case, the policy scope should be broadened.

Were Processes Implemented Effectively?

Corporate policies are likely to include automated processes designed to bring about compliance faster and more efficiently. These processes may call specific departments into action, or generate important information about the violation event. For example, the No P2P policy requires that the IT and helpdesk teams are automatically notified when a violation is detected. The notification they receive should include the contact and device details as well as information about the policy violation.

Lastly, it is important to verify that automated instructions to support or other teams reach their destination with the proper information, and that the end user knows what to do with it. And before dealing with a new policy, make sure to fine tune the automated process to maximize efficiencies.

Were Network End-Users Responsive to the Policy?

Corporate policies will often require that network end-users respond to a NAC-powered educational policy or perform a specific task, for example use self-remediation links or contact the Helpdesk. It should be verified that end-users are responding to notifications and instructions as anticipated, and changing their behavior accordingly.
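The policy review described above can be run as a check over exported inspection results. The following is an added example, not part of the whitepaper and not CounterACT code; the record layout, the class and role labels, the policy identifiers and the 3% hit-rate threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Exclusions named in the whitepaper; the label strings are assumed.
EXCLUDED_ROLES = {"vip", "security_auditor", "network_admin"}
EXCLUDED_CLASSES = {
    "patch_level": {"medical_device"},
    "authenticate_at_admission": {"printer", "network_equipment"},
}
# A helpdesk notification should carry contact, device and violation details.
NOTIFY_FIELDS = ("contact", "device", "violation")
# Assumed threshold: fewer valid hits than this share of the endpoints in
# scope suggests the inspection scope may be too narrow ("No Hits?").
MIN_HIT_RATE = 0.03


@dataclass
class Detection:
    policy: str
    host: str
    device_class: str
    user_role: str
    notification: dict = field(default_factory=dict)


def exclusion_reason(d):
    """Return why this detection should not have been inspected, or None."""
    if d.user_role in EXCLUDED_ROLES:
        return f"role '{d.user_role}' keeps full access regardless of policy"
    if d.device_class in EXCLUDED_CLASSES.get(d.policy, set()):
        return f"class '{d.device_class}' is exempt from '{d.policy}'"
    return None


def missing_fields(d):
    """List the notification fields that are absent or empty."""
    return [f for f in NOTIFY_FIELDS if not d.notification.get(f)]


def review_policy(policy, detections, endpoints_in_scope):
    """Answer the review questions for one policy run on its own."""
    hits = [d for d in detections if d.policy == policy]
    # Question 1: did the policy pinpoint the right users and devices?
    wrong = [(d.host, r) for d in hits if (r := exclusion_reason(d))]
    valid = len(hits) - len(wrong)
    hit_rate = valid / endpoints_in_scope if endpoints_in_scope else 0.0
    # Question 3: did the automated notification carry the proper information?
    bad_notes = [(d.host, m) for d in hits
                 if exclusion_reason(d) is None and (m := missing_fields(d))]
    check_scope = hit_rate < MIN_HIT_RATE
    return {
        "policy": policy,
        "detections": len(hits),
        "should_be_excluded": wrong,
        "check_scope": check_scope,
        "incomplete_notifications": bad_notes,
        # Fine-tune this policy before moving on to the next one.
        "ready_for_next_policy": not (wrong or bad_notes or check_scope),
    }


def _note(contact, host, violation):
    return {"contact": contact, "device": host, "violation": violation}


# Constructed sample data: one site with 50 endpoints in scope.
SAMPLE = [
    Detection("patch_level", "ws-014", "workstation", "employee",
              _note("j.doe", "ws-014", "missing patches")),
    Detection("patch_level", "infusion-03", "medical_device", "none",
              _note("ward-3", "infusion-03", "missing patches")),
    Detection("patch_level", "ws-221", "workstation", "vip",
              _note("ceo-office", "ws-221", "missing patches")),
    Detection("patch_level", "ws-087", "workstation", "employee",
              _note("", "ws-087", "missing patches")),
    Detection("authenticate_at_admission", "prn-2f", "printer", "none",
              _note("facilities", "prn-2f", "no authentication")),
    Detection("no_p2p", "ws-150", "workstation", "employee",
              _note("a.lee", "ws-150", "P2P client running")),
]

if __name__ == "__main__":
    for name in ("patch_level", "authenticate_at_admission", "no_p2p"):
        print(review_policy(name, SAMPLE, endpoints_in_scope=50))
```

A flagged `check_scope` is only a prompt to look at the scope definition: a low hit count can also mean the site is largely compliant.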
Summary

NAC projects can deliver impressive results when backed by appropriate project goals, success factors that give comprehensive direction and guidance, and a NAC team that knows how to get the job done. With this foundation set, project leaders are better equipped to design useful NAC policies and roll out the NAC project.

Ultimately the success of a NAC implementation will lie in the ability to gain a complete understanding of what is going on within the IT infrastructure. This means auditing the people and processes that are active on the network on a daily basis. It also means being able to use the information gained by NAC solutions like ForeScout's CounterACT to inform and educate and bring non-compliant users and devices into compliance with corporate security policies. CounterACT delivers this in a single turnkey clientless security platform. The appliance does not require an in-line deployment and is vendor neutral, allowing the ability to maximize existing infrastructure and systems investments and providing a complete NAC solution.

This fulfills a primary enterprise security goal: to have comprehensive knowledge and control of all users/devices that move in and out of the network, ensuring that these devices are in compliance with corporate security policies. ForeScout's CounterACT ensures that only the right users, with compliant devices, gain access to the right resources on the network.

It is essential that any solution leverage the current IT infrastructure and existing security investments made by the enterprise to automate the process of remediation and have the ability to perform both soft and hard enforcement. But the NAC solution should also be able to look toward the future and provide a pathway to complete policy implementation and enforcement.
ForeScout Technologies, Inc., N. De Anza Boulevard, Suite 220, Cupertino, CA 95014, USA
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationAVeS Cloud Security powered by SYMANTEC TM
Protecting your business from online threats should be simple, yet powerful and effective. A solution that secures your laptops, desktops, and servers without slowing down your systems and distracting
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationIs Your Vendor CJIS-Certified?
A Thought Leadership Profile Symantec SHUTTERSTOCK.COM Is Your Vendor CJIS-Certified? How to identify a vendor partner that can help your agency comply with new federal security standards for accessing
More informationMSP Service Matrix. Servers
Servers MSP Service Matrix Microsoft Windows O/S Patching - Patches automatically updated on a regular basis to the customer's servers and desktops. MS Baseline Analyzer and MS WSUS Server used Server
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationPII Compliance Guidelines
Personally Identifiable Information (PII): Individually identifiable information from or about an individual customer including, but not limited to: (a) a first and last name or first initial and last
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationMobile Device Management for CFAES
Mobile Device Management for CFAES What is Mobile Device Management? As smartphones and other mobile computing devices grow in popularity, management challenges related to device and data security are
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationChoose Your Own - Fighting the Battle Against Zero Day Virus Threats
Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats 1 of 2 November, 2004 Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats Choose Your Weapon: Fighting the Battle
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationReining in the Effects of Uncontrolled Change
WHITE PAPER Reining in the Effects of Uncontrolled Change The value of IT service management in addressing security, compliance, and operational effectiveness In IT management, as in business as a whole,
More informationBypassing Network Access Control Systems
1 Bypassing Network Access Control Systems Ofir Arkin, CTO Blackhat USA 2006 ofir.arkin@insightix.com http://www.insightix.com 2 What this talk is about? Introduction to NAC The components of a NAC solution
More informationLog Management How to Develop the Right Strategy for Business and Compliance. Log Management
Log Management How to Develop the Right Strategy for Business and Compliance An Allstream / Dell SecureWorks White Paper 1 Table of contents Executive Summary 1 Current State of Log Monitoring 2 Five Steps
More information