Reworking Risk Policy


This article can also be found in the Premium Editorial Download "Information Security magazine: Is your data safe from next-generation attackers?."

Download it now to read this article plus other related content.

Another noteworthy feature of many policy management products is that they integrate across the enterprise, pulling data from a variety of sources, including backup, antivirus, content filtering solutions, firewalls, operating systems and routers; these data feeds should reduce the amount of data the user has to sift through. Some automated tools also integrate vulnerability management, keeping systems up to date and addressing emerging threats and zero-day exploits.

The ability of policy management tools to automatically correlate large amounts of disparate data can also facilitate regulatory compliance and reporting since it allows users to pull compliance data for specific regulations. A major complaint among security professionals is the redundant requests for the same audit-related information from external auditors, internal auditors and government regulators. Instead of having to complete several different audits that address similar issues, these tools allow you to generate reports tailored for different groups.

Automated policy management tools can also monitor for violations and track policy exceptions. A key benefit is that all reports are consolidated into one management console, making them easier to track than with the manual approach. But they are not really active monitoring products--they won't act like a fire alarm. Symantec, however, plans to integrate BindView with technology that manages incidents; other tools are designed to integrate with

    Requires Free Membership to View

security event management products.

None of the products are plug-and-play--all take time to implement; some even require companies to convert their policies into a specific format. Implementation times vary depending on the product and the state of the organization's policies.

Along with implementation times, software cost is a key consideration with automated tools. For instance, the Elemental Security Platform 2.0 starts at about $35,000 with server agents costing around $600; workstation and laptop agents cost $60.

This was first published in June 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: