Q1 Labs aids NAC tools by matching user IDs with security events

When network managers are tracking down the source of a security breach, the search often stops cold at the IP address.

For instance, a remote user logging on to the network via a VPN connection could have been assigned the same IP address that a traveling user had tapped earlier in the day. After learning the IP address on which the event occurred, the network manager would have to check Windows logs or other identity databases manually to determine which user had been using that IP address at the time of the breach.

That's why Q1 Labs next week is making available an updated version of its QRadar network- and security-management product that relates user identities to specific network and security events and speeds the process of pinpointing the source of a policy, compliance or security breach.

QRadar, which is packaged as an appliance, monitors network flow data and collects events from network and security devices. Now the product relates user identity data from RADIUS and Active Directory servers and from firewalls to IP addresses and security events. The product maps the user identity to asset profiles in numerous ways, including host name to IP address; DNS to IP; group name; user name to IP; media-access-control (MAC) address to IP; and switch port, switch and location.

"This will let network managers not only see the IP address associated with the threat, but also the user ID associated with that IP address and at the time of the threat. QRadar can also keep a history of who that user is and past threats or events associated with the user," says Tom Turner, vice president of marketing at Q1 Labs. "The goal is to answer the questions, 'Who is attacking my network?' or 'Who is out of compliance?' without having to do additional manual forensics."
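The correlation the article describes, attributing a security event to the user who held an IP address at the moment of the event rather than to the address itself, can be illustrated with a small script. The following is an added example written for this page; it is not QRadar code and does not reflect how the product is implemented. It assumes RADIUS-accounting-style Start/Stop records (constructed sample lines, not real logs) as the identity source, and it handles the edge case the article opens with: the same VPN address handed to two different users on the same day, plus an event that falls between sessions and so cannot be attributed to anyone.

```python
"""Attribute security events to users by IP address *and* time.

Added example for this page, not Q1 Labs / QRadar code. Identity sessions are
reconstructed from constructed RADIUS-accounting-style lines; an event on an
IP is credited only to the session whose [start, stop) interval contains the
event timestamp, so a reused VPN address is never mis-attributed.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample accounting records (hypothetical users and addresses).
# Note that 10.8.0.7 is used by alice in the morning and by bob in the afternoon.
RADIUS_ACCOUNTING = """\
2007-03-05T08:02:11 Acct-Status-Type=Start User-Name=alice Framed-IP-Address=10.8.0.7
2007-03-05T09:45:30 Acct-Status-Type=Stop User-Name=alice Framed-IP-Address=10.8.0.7
2007-03-05T13:10:02 Acct-Status-Type=Start User-Name=bob Framed-IP-Address=10.8.0.7
2007-03-05T17:30:45 Acct-Status-Type=Stop User-Name=bob Framed-IP-Address=10.8.0.7
2007-03-05T14:00:00 Acct-Status-Type=Start User-Name=carol Framed-IP-Address=10.8.0.9
"""

# Constructed security events (timestamp, source IP, description), as an
# IDS or firewall would report them: IP only, no user.
SECURITY_EVENTS = [
    ("2007-03-05T09:12:00", "10.8.0.7", "port scan of 10.1.2.0/24"),
    ("2007-03-05T15:05:17", "10.8.0.7", "policy violation: P2P traffic"),
    ("2007-03-05T12:00:00", "10.8.0.7", "failed logins to file server"),  # between sessions
    ("2007-03-05T16:20:00", "10.8.0.9", "policy violation: unapproved protocol"),  # open session
]


@dataclass
class Session:
    user: str
    ip: str
    start: datetime
    stop: Optional[datetime] = None  # None: no Stop record yet, session still active

    def covers(self, t: datetime) -> bool:
        """True if the session held the IP at time t (half-open interval)."""
        return self.start <= t and (self.stop is None or t < self.stop)


def parse_accounting(text: str) -> list[Session]:
    """Pair Start and Stop records per (user, ip) into Session objects."""
    open_sessions: dict[tuple[str, str], Session] = {}
    sessions: list[Session] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, *attrs = line.split()
        kv = dict(a.split("=", 1) for a in attrs)
        ts = datetime.fromisoformat(ts_str)
        key = (kv["User-Name"], kv["Framed-IP-Address"])
        if kv["Acct-Status-Type"] == "Start":
            session = Session(user=key[0], ip=key[1], start=ts)
            open_sessions[key] = session
            sessions.append(session)
        elif kv["Acct-Status-Type"] == "Stop" and key in open_sessions:
            open_sessions.pop(key).stop = ts
    return sessions


def user_for(sessions: list[Session], ip: str, t: datetime) -> Optional[str]:
    """Return the user who held `ip` at time `t`, or None if nobody did."""
    for session in sessions:
        if session.ip == ip and session.covers(t):
            return session.user
    return None


def attribute_events(sessions: list[Session], events) -> list[tuple]:
    """Return (timestamp, ip, user_or_None, description) for every event."""
    return [
        (ts, ip, user_for(sessions, ip, datetime.fromisoformat(ts)), desc)
        for ts, ip, desc in events
    ]


def history_by_user(attributed: list[tuple]) -> dict:
    """Group attributed events per user (None collects unattributable ones)."""
    history: dict = {}
    for ts, ip, user, desc in attributed:
        history.setdefault(user, []).append((ts, ip, desc))
    return history


if __name__ == "__main__":
    sessions = parse_accounting(RADIUS_ACCOUNTING)
    for ts, ip, user, desc in attribute_events(sessions, SECURITY_EVENTS):
        print(f"{ts} {ip:<10} {user or 'UNATTRIBUTED':<13} {desc}")
```

Two design points worth noting. The half-open interval means an event stamped exactly at a Stop time is not credited to the departing user, which matches how an accounting server would already have released the address. And the unattributable bucket (user `None`) is kept rather than dropped: an event on an address with no active session is itself a finding, since it may indicate a clock skew between log sources, a missing accounting feed, or a host that is on the network without having authenticated.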
Turner says QRadar combines network behavior-analysis features with security event management (SEM) capabilities and user identity tracking, making it prime competition for Cisco's MARS (Monitoring Analysis and Response System) product. Q1 Labs also competes with SEM vendor ArcSight and Arbor Networks in the network behavior-analysis market.

Also in this release the company added a bit of network access control (NAC) technology to integrate with customers' NAC efforts. By conforming with Trusted Computing Group's Trusted Network Connect open standards, QRadar performs post-admission monitoring of user IDs on the network and alerts a policy server or gateway, such as Juniper Networks' Infranet Controller, to the policy-violating behavior. From there, policy creators and enforcers may decide to update the user profile or employ stricter enforcement policies.

"We are not a NAC product, but a product like ours can help NAC technologies once the user is on the network. We can make sure the user is behaving correctly while on the network and alert NAC to anomalies," Turner says.

Available next week, QRadar 6.0 starts at US$38,000 for a stand-alone appliance. Large environments may require multiple appliances to collect data from distributed network segments or geographic locations. The number of appliances needed and pricing will depend on the size of the network.