This article can also be found in the Premium Editorial Download "Information Security magazine: Everything you need to know about today's information security trends."
Download it now to read this article plus other related content.
The two-tiered architecture comprises a centralized collector with an integrated SQL Server database and agents to gather information and report to the collector.
ECM can discover Windows hosts by accessing an Active Directory domain controller and automatically license the systems and push out the client software.
Unix/Linux servers require entering host information manually or file import. Agents are installed manually.
The Web-based portal has four tabbed sections available to users based on role: Console, Compliance, Reports and Administration. The interface is smooth and responsive, but there's a steep learning curve.
ECM's user account management integrates seamlessly with Active Directory, allowing you to leverage existing authentication and authorization infrastructure.
ECM continues to deliver on its core promise: the ability to monitor and modify the configuration of managed systems in
| an extremely granular fashion. Our tests verified that the agents gather and report configuration information effectively. Additionally, we were able to issue configuration commands to managed systems through the ECM Portal. For example, we used ECM to kill processes and modify registry entries.
The Windows Remote Command interface allows you to execute arbitrary VBscript commands on managed systems and includes predefined scripts that accomplish common tasks.
The new version also provides support for monitoring VMware ESX virtualization servers.
ECM ships with a number of built-in, management-friendly dashboards complete with graphics for operational status reports. These dashboards track security log events, change management, antivirus status, installed software package and compliance with standards.
You can also create custom reports using a wizard.
One of the most important new features is the ability to enforce continuous compliance requirements through the use of alerts to notify you if a system's configuration varies from compliance requirements.
ECM is one of the best configuration management products we've seen. If you're able to accommodate the product's steep price tag in your budget, it's a fantastic solution for monitoring and maintaining compliant system configurations in the enterprise.
Testing methodology: We tested ECM in a Windows Server 2003 environment running under VMware Workstation.
This was first published in July 2008