
Achieving Compliance Nirvana
By Margot Siek, DIRECTOR, PRODUCT MARKETING - BIGFIX

 

Organizations face the twin challenges of interpreting vague regulations in a meaningful and defensible way and adhering to multiple Information Technology compliance standards simultaneously. Moreover, IT compliance is not a one-time event. It must be achieved and demonstrated continually, quarter after quarter and year after year. With the onslaught of new IT compliance initiatives with teeth (PCI, SOX, FDICIA, HIPAA, etc.), organizations have struggled to stay abreast of the requirements, and to a large extent the response to audits has been ad hoc and without consideration for efficiency. In the long term, organizations strive for optimization in the form of continuous compliance, a state that can be enabled by continuous policy enforcement on laptops, desktops, and servers, whether these assets are disconnected from or connected to a network and no matter how they connect to it. Industry standards-setting bodies, leading analysts, and vendors have developed frameworks to enable organizations to achieve this objective.

Selecting and Implementing Appropriate Controls for Regulatory Compliance

Regulatory and commercial mandates have common tenets focused on accountability, transparency, measurability, and the deployment of processes and tools to continuously address regulations. Common requirements across regulations include:

  • The establishment of comprehensive information security policies and procedures
  • The establishment of an ongoing risk assessment process
  • The implementation of defined access controls, assignment and segregation of duties, identification and authorization of access to critical data
  • Security awareness and training
  • Security incident procedures and contingency plans
  • Audit controls, continuous monitoring and regular reporting
  • Configuration and change management for systems, software and user access
  • Implementation of controls to maintain system and information integrity and to prevent unauthorized programs
  • Automated enforcement of specific security policies for servers and workstations including patch management, anti-virus, anti-spyware, OS configuration and password policies
  • Controlling use of peripheral devices and removable media
  • Network access control (Cisco NAC, Microsoft NAP, Infoblox and other solutions) and firewall management

With the right tools, organizations can defensibly demonstrate their adherence to a broad spectrum of regulations, increase overall security and achieve continuous compliance while lowering the cost and complexity of their IT infrastructure. Compliance for requirements that cut across multiple regulatory and commercial mandates can be automated with BigFix.

The Future of Compliance

Ideal solutions offer a single technology platform that enables compliance with a broad spectrum of industry standards and government regulations. The most effective compliance solutions continuously monitor and evaluate systems and configurations to assess compliance against mandated standards and regulations. These solutions automate exception reporting, provide the ability to remediate exceptions, and deliver management reports and dashboards, which measure operating effectiveness and provide management with tools to ensure compliance from period to period.

Focus on BigFix

The customizable BigFix Enterprise Suite platform offers targeted application of compliance policies and standards. Packaged solutions are available for a wide variety of corporate standards and government regulations. BigFix offers continuous zero-effort assessment of compliance status including management dashboards. More importantly, BigFix enables global real-time remediation of computers that have fallen out of compliance - enabling continuous and turnkey compliance.

BigFix provides the ability to automate computer-related controls. It provides out-of-the-box functionality for monitoring the effectiveness of controls, for identifying any exceptions across the enterprise, and for remediating deviations with zero effort. One size does not fit all: the pre-packaged content may be customized and extended to meet the specific needs of your organization to ensure the effectiveness of standards requirements.

Management sees concise dashboards that grade the effectiveness of the IT function relative to specific compliance initiatives. System alerts and detailed reports provide operations personnel with the tools to respond immediately, to remediate exceptions and to continuously monitor the control environment.