If you are trying to log into a network protected by Bradford Networks' NAC Director, you'll have an agent on your computer or you won't login. If you have an agent, you'll be sent exactly where policy allows you to go and nowhere else.

Like all of our selections for this issue, Passlogix told us that they were innovators because they look at problems in new ways. What is more important is not that they look at problems in new ways, but how they do it. The "how" in the case of Passlogix is the real differentiator.

When the phrase identity management comes up it is almost enough to make any administrator cringe. Between managing users, making sure they are in the right groups and have the right permissions, keeping the system up to date, and the many other headaches that come along with managing identity, most administrators would rather do pretty much anything else.

Every company — especially the ones we have selected this month — couples vision with philosophy. The simple philosophy that Entrust embraces is: if multifactor authentication is to be the wave of the future, it must be affordable and manageable without losing its effectiveness.

The analysis and testing products are the toys in our lab. The five products we've selected form the standards against which we test other products.

There may — will, according to Mu Security — come a time when signature-based vulnerability assessment by itself is no longer a viable testing option.

Iconsider the term "ethical hacking" an oxymoron, but it has become a part of the information assurance lexicon whether I agree or not. However, the practical fact is that true penetration testing is not hacking in any form whatever.

Every now and then we see, as Monty Python used to say "...something completely different." The RazorThreat Threat Analysis Console is just such a product. The TAC, as RazorThreat refers to its product, analyzes inter-domain communications and determines through policy whether the communication is allowed or may be indicative of an attack.

SIM/SEM — security information management or security event management — often is characterized as being log correlation and analysis. LogLogic entered the market as an early player and focused on log management. That is still, five years later, where the company puts its efforts.

Occasionally one gets to see a set of products whose only connection is that they take really hard problems in a particular application space and address them in remarkably innovative ways. These are the solutions to hard problems that everyone says you can't do, but you have to do it anyway.