This article can also be found in the Premium Editorial Download "Information Security magazine: Betting the house on network anomaly detection systems."
Elemental's Elemental Compliance System 1.1
Price: Starts at about $100,000 for server and 500 agents
Compliance is all the buzz, but the real challenge is leveraging tools that give organizations a firm grip on their enterprise security posture and do more than simply earn an auditor's signature. Elemental's Elemental Compliance System (ECS) unites enterprise-wide host configuration, policy management and network access control into one easy-to-use package.
ECS employs agent technology to monitor hosts and align them with policy, polling the server for current policies, assessing host status and reporting back to the server for correlation. If a host or group is out of compliance, network access may be restricted or stopped. Hosts that don't have an agent can be given restricted network access.
The server supports 4,000 managed clients, and multiple ECS servers can share a common master database.
Policies can be created from a wide range of rules, including usage of most common antivirus software packages, up-to-date patches, password confirmations and unauthorized program detection. Hosts or groups of hosts are graded by their conformance with these policies.
Groups can be based on attributes such as OS, server role or specific processes running, and dynamically generated from details gathered on the hosts. Hosts can be automatically added to existing groups based on group attributes (e.g., Windows Server 2003). ECS includes policy templates for regulatory compliance (SOX) and best practices.
The server runs on Red Hat Enterprise with an Oracle back end. The Python-based agent runs on Red Hat, Solaris and Windows 2000/XP/2003.
The installation of a prerelease of the 1.1 version server, aided by an Elemental engineer, was a little rough around the edges, and required manual editing of configuration files and manual deployment of the Oracle server. Clients were installed and connected to the server. From this point on, the server and clients worked flawlessly.
Almost immediately, ECS began receiving information, starting with vital data points such as IP addresses, MAC addresses and the host OS. After several minutes, the host compliance was rated.
The SSL Web-based interface is clean and well-designed; our tests were a breeze thanks to the simplicity and effective, logical placement of controls.
Each user can have multiple report pages that are completely configurable. Users can view compliance at a high level or can drill down to individual hosts. Reports can be generated for overall compliance, trending over time, group membership, host attributes and packet filter data.
ECS is a very innovative system and a solid, albeit young, product that can go a long way in helping any organization meet its policy guidelines.
This was first published in July 2005