White papers


Securing the Public and Private Cloud
Cloud computing has become a critical part of the IT infrastructure. The value of virtualization is undeniable with reduced costs, infrastructure, and power as just three of the many benefits. Yet, for all of the benefits, there is one topic that gives organizations pause: security. Are cloud environments safe? This paper sheds light on the unique security challenges that datacenters, hosting companies, and telecommunications providers face in implementing and managing virtual infrastructures on behalf of their customers.


Enhanced Revenue in the Datacenter: Increasing Lifetime Customer Value through Managed Service
Providing high-value managed services is an effective way for service providers, such as datacenters, telecommunications firms, hosting providers, and colocation facilities, to increase revenue and customer retention rates. This paper presents an analysis of how managed services increase the lifetime customer value for service providers. It examines the relationship between enterprise value (EV), the average lifetime value (ALV) of the customer, monthly recurring revenue (MRR), development and staffing costs, and the qualitative factors that affect customer retention.

Layered Network Security
Introduces you to a layered-security approach for protecting your network. With network attacks increasing in sophistication and frequency, point solutions cannot provide adequate protection. Effective security requires a layered approach, where measures are implemented at five different levels on your network: perimeter, network, host, application, data.

A Phased Approach to NAC Implementation
There are many reasons for the instant appeal of and excitement about NAC, a primary one being that NAC is conceptually easy to understand and its benefits are obvious. NAC has the potential to protect networks, put control back into the hands of the IT staff, and result in automated compliance. However, the reality is that NAC has not always lived up to its potential. Implementing a NAC solution can be costly and complicated. The single most important thing you can do to ensure a successful NAC implementation is to pick a NAC system that has proven itself. (23pp)

Data Protection Rule of the GLBA: A strategy for compliance
Provides a detailed summary of the Gramm-Leach-Bliley Act (GLBA), the 1999 legislation that regulates data security in the financial services industry. The paper summarizes the key requirements of the act, discusses what you need to do to ensure compliance, and provides a checklist to help you assess your current state of readiness. (7pp)

Staying compliant with the evolving security regulations of GLBA
Provides a concise summary of recently issued guidance that expands GLBA. Issued by the Federal Financial Institutions Examination Council (FFIEC) in January 2003, the new guidance requires financial institutions to protect all information assets, not just customer information. This paper describes the security process that the FFIEC recommends affected institutions put in place to stay compliant with the expanded requirements. (7pp)

Beyond the firewall: The next level of network security
Explains why a firewall alone can no longer adequately protect your network. It introduces you to advanced network security technologies, including intrusion detection/prevention systems (IPS/IDS) and vulnerability assessment (VA) tools. The paper describes these advanced technologies within a layered-security framework and illustrates why it is imperative to adopt the layered approach to protect your digital assets. (8pp)

A how-to guide for HIPAA security requirements
This paper shows you how to achieve compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. There are a number of straightforward actions that IT leaders can take to meet the prescribed requirements and position their organization for ongoing protection of personal healthcare information. Areas covered include: policy definition and compliance; risk assessment and management; exposure mitigation; auditability. (8pp)

NAC is in the Details
Although there's a lot of confusion on the market about NAC (Network Access Control), this whitepaper provides insight into why a NAC solution is a critical component of your network security plan. By understanding the 3 main components of NAC — enforcement, testing, and integration — readers learn which methods are best for them depending on their network infrastructure. This paper simplifies NAC product strategies so you can make informed, confident decisions regarding NAC. (6pp)

Demystifying Network Access Control
This paper demystifies network access control. It examines the core security problems that gave rise to NAC technology. It addresses organization-specific factors that must be considered when evaluating solutions, and it covers the range of enforcement methods available to keep non-compliant devices from accessing the network. (8pp)

Choosing Security Tools for a FISMA-compliant Infrastructure
The Federal Information Security Management Act (FISMA) steers agencies toward compliance through unified reporting standards. While a wide range of information security tools are permissible under FISMA, reporting requirements will be tightly defined. Tools being evaluated with FISMA compliance in mind should be judged on how they directly or indirectly support the FISMA reporting requirements. This paper identifies capabilities including accurate assessment, connectivity, and reporting that your security infrastructure should provide to satisfy FISMA's reporting requirements. (5pp)

Keeping Trusted Endpoints Honest: Using IDS/IPS for Post-Connect NAC
This whitepaper presents the case for using intrusion detection/prevention technology (IDS/IPS) for NAC post-connect sensing. It covers the basic IDS/IPS capabilities that make it ideal for post-connect sensing; the expanded policy enforcement options this approach enables; the greater return on investment realized by having your IDS/IPS do double duty; post-connect deployment on the network.

Endpoint Policy Compliance: A Closed-Loop Approach
This paper presents a next-generation, closed-loop methodology for ensuring endpoint compliance. It describes an automated process that checks devices as they connect to the network. Those that pass are logged as compliant, but those that fail are immediately and automatically remediated. This closed-loop process occurs each time an endpoint connects to the network, 24x7x365. The results are a secure network, reduced costs, and clear visibility of the organization's security posture.

StillSecure network security whitepapers

Our network security whitepapers are designed both to give you valuable intelligence on the operational aspects of our solutions and to provide the background context that allows you to have a better understanding of how our technologies fit within the network security spectrum.
