Financial services companies like Marshall BankFirst need a firm grip on what's going on across their networks, both to satisfy demanding regulatory obligations, and to protect their customers' accounts and personally identifiable information.
"Elemental has the most comprehensive overall approach for compliance monitoring, across the board and across platform," says Tyler Brenden, director of IT infrastructure for Marshall, which includes banks in three states, and national commercial and residential lending services.
In a year when regulatory compliance seems to dominate the infosecurity market, the integrated policy management, host configuration and network access control in a single offering earned Elemental Compliance System (ECS) the gold medal in emerging technologies. In a category chosen by Information Security and SearchSecurity.com editors, Elemental's innovative approach to a high-profile,
"Being a bank, we have many federal compliance issues," says Brenden. "Audits always came down to information security policy: 'Prove it. Do you actually implement the policies?' We had to show screen prints and configuration screens. With Elemental, we can define policy and show which devices are in compliance, and the percentage."
Agent-based ECS gives an up-to-date picture of your networks' compliance on demand – by group, by device and by policy. It can monitor compliance for anything from password policy to patch level. ECS provides some 1,700 policy templates based on NSA, Microsoft, DISA and SANS security best practices; SOX, and standard applications such as Internet Explorer, Oracle, Apache, Sendmail and IIS. ECS can enforce as well as monitor policy through several means, including quarantining noncompliant PCs and servers. Marshall is getting ready to implement its initial enforcement procedure for wireless connections.
"We don't allow wireless networks," Brenden declares, "but our workforce has laptops. Our Elemental policy won't allow the device to connect to the network if the wireless card is enabled."
Brenden also likes ECS agents' ability to detect devices on the corporate network by monitoring traffic in and out of the device and putting them into dynamic groups until they can be checked out.
"And it can limit communications between devices," he says. "We can see some important cases for that, particularly not allowing development machines to see data sources."
With attackers swarming over vulnerable Web apps, HIVE creates quite a buzz with its fresh approach to securing online activity. The magic is in its unique technology, which effectively uses application-layer tokens to proxy each Web transaction and validate requests.
OneSign is single sign-on for the rest of us, with an innovative technology that makes adding almost any application a snap, doing away with manually scripted login procedures, and saving time and money.