This article can also be found in the Premium Editorial Download "Information Security magazine: Compliance vs. security: Prevent an either-or mentality."
Download it now to read this article plus other related content.
Elemental Security Platform
REVIEWED BY BRENT HUSTON
Price: Management server, $35,000; desktop agent, $60;
The Elemental Security Platform (ESP) is a powerful tool for monitoring and enforcing system compliance, and provides effective asset management, asset-centric access controls and risk management.
Since we reviewed Ele-mental Security's version 1.1, then called Elemen-tal Compliance System (August 2005), the product has matured and extended its capabilities, with support for new client OSes, risk management, support for ticketing systems and better LDAP integration.
Agent installation simply requires giving it the address of the ESP server and answering one or two other questions, depending on the platform.
The client connects securely to the server, reports gathered information and downloads relevant policies. The server automatically gathers data about open ports and services to categorize hosts, and places them in groups that can be defined manually or imported from LDAP.
As a key to risk assessment, the ESP server assigns a value to the system, depending on what services it's running. These values can be overwritten.
But it can still use a bit more tweaking. For instance, during policy creation, if you click on rules for a closer look, they open on the same page, so there's no facility to backtrack to where you were. So we had to hit the backspace button, which erased any rules we had already configured. You can right-click on the link and open a new window to bypass that inconvenience.
ESP can be used as a basic asset inventory tool or a granular asset-centric access control solution, depending on policy. Policies can contain a variety of rules, from packet filters, to whether the user can install a piece of software, to rules that check for compliance with baselines (such as CIS, or HIPAA security requirements).
We defined some simple policies, such as denying access to secured hosts by unsecured hosts (hosts not running the agent), by naming the policy and adding rules. Some rules require additional configuration, such as ports for the network filters.
The reports are easy to read and feature a variety of graphs and charts to effectively represent the information. Data can be exported to a variety of formats, including CSV and PDF.
Testing methodology: The system we received was preconfigured for our environment. In our tests we used a variety of OSes, including Windows, Mac OS X and Red Hat Linux.
This was first published in March 2007