This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners: Simply the best."
Metrics Accelerator 1.1
REVIEWED BY SANDRA KAY MILLER
Price: Software starts at $50,000
Demonstrating security ROI has always been a hard sell. ClearPoint Metrics' Metrics Accelerator is designed to cut this daunting job down to size by automating the creation, deployment and reporting of metrics for enterprise-class security systems to ensure compliance and justify security spending. It's a good idea, but the product has considerable rough edges.
Setup and configuration are frustrating and difficult, starting with a command-line decompression of .zip files and manual installation of the three main components--Metrics Studio, Metrics Server and Metrics Publisher--along with the third-party applications necessary to support the product. It is all very messy for expensive and complex software. Poor documentation and almost nonexistent help files exacerbate the problem.
The predefined metrics-deployment packs must be manually imported, and when you browse to import these and other settings, the file dialog returns to the default drive location instead of the last directory, forcing you to repeatedly navigate to the working directory. Other signs of sloppy work include some buttons that don't indicate their function when you mouse over them.
Policy Control C
Getting past the difficult installation and importation of predefined metrics, most of the work is done in the Metrics Studio, the metrics design console, which is clean and easy to navigate. Metrics Studio lets analysts create custom metrics or metrics deployment packs, such as those for Active Directory, identity and access, and vulnerability and patch. Hierarchical trees help users navigate metrics, data sets, actions and scheduling.
Metrics Studio lets you drill down into detailed metrics and manipulate actions, data sources and more. For example, ClearPoint defines a metric for failed logins, but takes it a step further in breaking it into actual numbers as well as percentages. Digging deeper, the metric can be defined as failed logins according to business unit and account type.
Nevertheless, the need to manually install each metrics pack (and even to decide which ones to install) and the daunting complexity of defining controls make this difficult to use.
Automation is the key ingredient of Metrics Accelerator, and Metrics Server delivers the metrics defined in Metrics Studio according to specified schedules. It can collect data from an assortment of security products and systems, such as antivirus or Active Directory, and can be deployed on Windows, Linux and Unix servers.
Users define the type of target data file (delimited, Excel, JDBC, LDAP) and set the target source (such as log files on antivirus systems). One nice feature is the ability to set up manual entry metrics, allowing end users to provide data through Web-based Q&A.
ClearPoint does a good job of amalgamating and displaying calculated metric results through the Web-based Metrics Publisher. Information gathered by Metrics Server is stored in the Metrics Results Database (MRD), which serves up the calculated metrics results in a variety of predefined HTML-based reports.
The real power is the ability to store metrics data over time for historical and trend analysis. For example, if your company switches antivirus vendors, you could automatically determine how the change affected the organization's security.
Metrics Accelerator can provide the measuring stick enterprise security administrators need, but it needs a lot of polish to make the price tag easier to swallow.
Testing methodology: All three components, as well as the required Apache Tomcat, PostgreSQL and Java 1.5, were installed on a single server (Windows 2003). Predefined and custom metrics were run against sample data, including patches and deployments, employee data, virus logs, passwords, password audits and vulnerabilities.
This was first published in October 2006