Network Segmentation

While flat, or non-segmented, networks can impose performance limits in demanding environments, many organizations embrace them as a simple, inexpensive solution for providing easy access to resources. But that expediency introduces problems when tighter security controls become necessary, or when organizations seek validation of compliance with standards like PCI DSS.

From a security standpoint, a flat network is a dream come true for a hacker or malicious insider. Every system, application and device is readily accessible on the network, so an administrator can leverage authorized access to one system as an avenue to reach other, unauthorized resources. Similarly, a breach of even a low-value server can be exploited as a launch pad for attacks on more valuable resources.

Compliance checks and audits can be painful with flat networks. For example, PCI DSS requirements are typically applied only to systems supporting the processing of cardholder data. But in non-segmented networks, examiners may find the entire network—rather than a focused, targeted subset—is in scope for examinations. Examining an entire network is expensive, requires substantially more time and energy to complete, and vastly increases the risk that a network will be found non-compliant.

The traditional solution is to physically segment your network. Network segmentation provides the control needed to limit access to sensitive resources, and it effectively limits the scope of compliance activities. But physical segmentation is expensive and time-consuming, and it does nothing to solve the issues of shared passwords and physical access to resources. The solution also requires networks to be redesigned, infrastructure to be replaced and tests to be performed. And administrators face increased operational complexity.

Xceedium’s Network Segmentation Benefits:

  • Logical network segmentation — Xceedium provides logical segmentation of networks, without the expensive physical changes required by traditional solutions. With a single hardened appliance, Xceedium allows organizations to control access to specific systems and resources through role-based groups or individual authorizations. Administrative passwords are vaulted, controlled and not shared. Eliminating shared administrative passwords ensures that even when users have access to servers or network devices, they are not able to circumvent security controls.
  • Access control — Controls extend beyond access to systems, since Xceedium enforces limits at the level of individual commands. Dangerous commands can be eliminated with powerful black lists that block selected activity. White lists enable precision control over commands by restricting the use of problematic or dangerous options.
  • Leapfrog prevention — Security is enhanced by limiting an individual’s access to authorized systems. No longer can attackers use one system as an avenue of attack on another. Individuals are permitted to reach only authorized systems, and they never even become aware of the existence of devices or applications they’re not authorized to use. Efforts to reach unauthorized resources are simply dropped and never make it to their intended target.
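The access-control and leapfrog-prevention bullets above describe three policy checks a privileged-access gateway makes before a session or command reaches a target: is the user's role authorized for that host, is the command on a black list, and if it is on the white list, are its options among the permitted ones. The following is an added example written for this page, not Xceedium's code or a description of its product internals. It models those checks in plain Python with constructed roles, hosts, users and command lists, and shows the behaviour the text emphasises: a request for an unauthorized host is dropped with the same response whether or not the host exists.

```python
"""Added example (not Xceedium code): a minimal policy engine modelling the
controls the page describes for a privileged-access gateway:
  - role-based authorization of which target hosts a user may reach,
  - a command black list that blocks dangerous commands outright,
  - a command white list that permits a command but restricts its options,
  - requests for targets outside the user's authorization are dropped and
    audited, and the requester cannot tell whether the host exists.
All roles, hosts, users and commands below are constructed sample data."""
import shlex
from dataclasses import dataclass, field

# Role -> set of target hosts that role may reach (constructed)
ROLE_TARGETS = {
    "web-admin": {"web01", "web02"},
    "db-admin": {"db01"},
}

# User -> role (constructed)
USER_ROLES = {"alice": "web-admin", "bob": "db-admin"}

# Commands blocked outright, whatever their options (constructed)
BLACKLIST = {"mkfs", "dd", "shutdown", "reboot"}

# Commands permitted, each with the options that may accompany it.
# An empty set means the command is allowed only without options.
WHITELIST = {
    "ls": {"-l", "-a", "-h"},
    "rm": {"-f"},        # '-r' deliberately absent, so 'rm -rf' is refused
    "cat": set(),
}


def expand_flags(arg):
    """Split combined short options ('-la' -> ['-l', '-a']); leave long
    options ('--force') and non-option arguments unchanged."""
    if arg.startswith("-") and not arg.startswith("--") and len(arg) > 2:
        return ["-" + c for c in arg[1:]]
    return [arg]


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class Gateway:
    audit_log: list = field(default_factory=list)

    def authorized_targets(self, user):
        return ROLE_TARGETS.get(USER_ROLES.get(user), set())

    def connect(self, user, host):
        """Leapfrog prevention: a host outside the user's authorization is
        dropped with one fixed reason, so an unknown host and an existing
        but unauthorized host look identical to the requester."""
        if host in self.authorized_targets(user):
            return Decision(True, "authorized")
        self.audit_log.append(f"DROP user={user} host={host}")
        return Decision(False, "dropped")

    def check_command(self, user, host, command_line):
        """Apply target authorization, then black list, then white list
        with per-command option restrictions."""
        conn = self.connect(user, host)
        if not conn.allowed:
            return conn
        try:
            argv = shlex.split(command_line)
        except ValueError:
            return Decision(False, "unparseable command")
        if not argv:
            return Decision(False, "empty command")
        cmd, args = argv[0], argv[1:]
        if cmd in BLACKLIST:
            self.audit_log.append(f"BLOCK user={user} host={host} cmd={cmd}")
            return Decision(False, f"{cmd} is black-listed")
        if cmd not in WHITELIST:
            return Decision(False, f"{cmd} is not white-listed")
        flags = [f for a in args for f in expand_flags(a) if f.startswith("-")]
        bad = [f for f in flags if f not in WHITELIST[cmd]]
        if bad:
            return Decision(False, f"option(s) {bad} not permitted for {cmd}")
        self.audit_log.append(f"ALLOW user={user} host={host} cmd={command_line}")
        return Decision(True, "permitted")


if __name__ == "__main__":
    gw = Gateway()
    for user, host, cmd in [("alice", "web01", "ls -la /var/www"),
                            ("alice", "web01", "rm -rf /"),
                            ("alice", "db01", "cat /etc/hosts"),
                            ("bob", "db01", "mkfs /dev/sda")]:
        d = gw.check_command(user, host, cmd)
        print(f"{user}@{host}: {cmd!r} -> {d.allowed} ({d.reason})")
    print("\n".join(gw.audit_log))
```

The ordering matters: the target check runs first so that a user who is not authorized for a host never gets as far as command evaluation, which is what keeps the host invisible to them. Expanding combined short flags closes the obvious gap where `-rf` would otherwise slip past a white list that only lists `-f`.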
