Managing the mobile workforce

Interesting article the other day on PhishMe.com – Owning The Mobile Workforce. In it, Schmoilito writes about the vulnerabilities inherent in most SSL VPNs, and the challenges this poses for the growing number of companies with employees working remotely. We had an opportunity to chat with Rene Poot about his thoughts on the subject.

Rene’s comments: This is a brilliant article; in order to leverage security, you require a firm ‘foothold’ on the device, i.e. a client that can enforce security policies on the machine itself. The idea of ‘clientless’ that SSL VPNs push is very often, in actual fact, their ‘Achilles’ heel’! The point you make! It’s not so much the SSL VPN at fault, the SSL protocol itself is a great method to create security tunnels; but it’s the implementation that’s at fault — the atomization as you point out in the article. NCP’s approach of having a client installed, that comes with a dynamically adaptable firewall to fend off malicious attacks, comes with an integrated dialer, to ensure the connection is secure and controlled, and comes with Endpoint Security enforcement to ensure the machine is secured — and then all this with the manageability aspect — the lack of which drove many people away from IPsec and to...

What we're reading, week of 5/25

From Nevis Networks… Illuminations: More NAC confusion and FUD in the press…. Nevis responds to a Network World article expressing doubt that in-line NAC devices will be widely adopted in the enterprise. The CTO makes a spirited defense of Nevis’ solutions in this area.

From SecureWorks… The Sky is Falling (or why humans should examine the results of automatic audits) Hunter King critiques the weakness of keys automatically generated by OpenSSL.

From StillSecure… 3 Pints and a NAC Alan Shimel links to a video feature he starred in before RSA, discussing NAC over pints with Mike Fratto at InformationWeek and Dominic from Nevis Networks.

From NSS Labs… PCI Compliant Products Rick Moy clarifies that there is no such thing as a “PCI compliant product” – rather, NSS likes to say that products address or support compliance, but no product can make a company compliant. He stresses that we need to broaden the security discussion beyond tools and address policies and practices as...
