Cram Session: Network Access Control

Lockdown taps other security gear to check malware

A pending upgrade is designed to enable Lockdown Networks' network access control gear to quarantine rogue devices that are detected by other security equipment on the network.

New software for Lockdown Enforcer devices will accept syslog information from other machines and impose access restrictions based on how severe these other devices perceive threats to be.

This sharing of data from intrusion-prevention system (IPS) devices, for example, will enable Enforcer to quarantine computers that are on the network but whose behavior violates security policies, the vendor says. Lockdown gear scans devices as they attempt to access the network, but doesn't monitor their behavior once they are on.

Intrusion-detection system (IDS) gear may find behavior that represents a security risk, but responds only by sending out alerts, not automatically taking action.

Customers of Denver reseller South Seas want the combination of the two, says Jeff Kowalski, the company's vice president and COO.

He says using Enforcers with IPS gear from Lockdown will make it possible to quarantine devices that came onto the network appearing clean but that later show behavior indicating they are infected with malware.

"It can let us take real-time action on events reported by the IPS," he says.

A major plus for this approach is that the devices can be added to networks without requiring infrastructure upgrades, Kowalski says.

Syslog standards define seven levels of threat that can be transmitted with syslog data. Lockdown says its Enforcers can be configured to act on syslog events from other devices based on the threat level. So a Level 2 threat might trigger no action by the Enforcer while a Level 7 threat might trigger a quarantine for the device that represents the threat, Lockdown says.
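The sketch below is an added illustration of severity-driven enforcement of this kind; it is not Lockdown's code and not part of the original article. It reads the standard syslog PRI header (severity = PRI mod 8, where lower numbers are more severe); the policy table, the `src=` message field and all function names are assumptions, and the article does not say how Lockdown's levels map onto these values.

```python
import ipaddress
import re

# Standard syslog PRI header: <PRI>, PRI = facility * 8 + severity.
# Severity runs 0 (emergency) to 7 (debug); lower numbers are more severe.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
SRC_RE = re.compile(r"\bsrc=(\S+)")  # assumed field naming the offending host

# Hypothetical policy table: severity -> action. Unlisted severities are ignored.
POLICY = {0: "quarantine", 1: "quarantine", 2: "quarantine", 3: "restrict", 4: "log"}
RANK = {"ignore": 0, "log": 1, "restrict": 2, "quarantine": 3}

def parse_event(line):
    """Return (severity, host) or None if the line is malformed."""
    m = PRI_RE.match(line.strip())
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    src = SRC_RE.search(m.group(2))
    if not src:
        return None
    try:
        host = str(ipaddress.ip_address(src.group(1)))
    except ValueError:
        return None
    return int(m.group(1)) % 8, host

def decide(lines, policy=POLICY):
    """Map each reported host to the strongest action any of its events earned."""
    actions = {}
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue  # never act on input that does not parse cleanly
        severity, host = event
        action = policy.get(severity, "ignore")
        if RANK[action] > RANK[actions.get(host, "ignore")]:
            actions[host] = action
    return actions

# Constructed sample input, not captured from any real device.
SAMPLE = [
    "<129>Mar  3 10:15:02 ips01 alert: sig=worm-propagation src=10.1.4.23 dst=10.1.9.8",
    "<132>Mar  3 10:15:09 ips01 alert: sig=port-scan src=10.1.4.77 dst=10.1.9.8",
    "<134>Mar  3 10:15:11 ips01 info: sig=dns-lookup src=10.1.4.23 dst=10.1.0.53",
    "<131>Mar  3 10:15:30 ips01 alert: sig=policy-violation src=10.1.4.90 dst=10.1.9.8",
    "<999>Mar  3 10:15:31 ips01 alert: sig=bad-pri src=10.1.4.5",
    "no PRI header at all src=10.1.4.6",
]

if __name__ == "__main__":
    for host, action in sorted(decide(SAMPLE).items()):
        print(host, action)
```

Because syslog over UDP is unauthenticated, a deployment acting on these events would also restrict which senders it accepts them from.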

In cases where other security devices such as IDS, IPS and network behavior analysis gear do not support syslog standards, Lockdown can gather information from them using APIs, the company says.

The upgrade to Enforcer software is scheduled for general availability in April.
