Risk Policy: Elemental Security Platform product review

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Compliance vs. security: Prevent an either-or mentality."

Download it now to read this article plus other related content.

RISK/POLICY MANAGEMENT


Elemental Security Platform
REVIEWED BY BRENT HUSTON

Elemental Security
Price: Management server, $35,000; desktop agent, $60;

    Requires Free Membership to View

    Login

server agent, $600

@exb

@exe

The Elemental Security Platform (ESP) is a powerful tool for monitoring and enforcing system compliance, and provides effective asset management, asset-centric access controls and risk management.

Since we reviewed Ele-mental Security's version 1.1, then called Elemen-tal Compliance System (August 2005), the product has matured and extended its capabilities, with support for new client OSes, risk management, support for ticketing systems and better LDAP integration.


SetupB+  
Our ESP server was preconfigured, but Elemental typically sends an engineer on-site to install the device and provide a rundown on features and usage. We were impressed with the ease of client agent installation, and getting the clients/servers running.

Agent installation simply requires giving it the address of the ESP server and answering one or two other questions, depending on the platform.

The client connects securely to the server, reports gathered information and downloads relevant policies. The server automatically gathers data about open ports and services to categorize hosts, and places them in groups that can be defined manually or imported from LDAP.

As a key to risk assessment, the ESP server assigns a value to the system, depending on what services it's running. These values can be overwritten.


EffectivenessB+  
The user interface is clean and functional. Pages are uniform, with all dropdown menus on the left side, navigational buttons for selecting your page at the top, and relevant page information, such as reports, or policies you are creating, in the middle.

But it can still use a bit more tweaking. For instance, during policy creation, if you click on rules for a closer look, they open on the same page, so there's no facility to backtrack to where you were. So we had to hit the backspace button, which erased any rules we had already configured. You can right-click on the link and open a new window to bypass that inconvenience.

ESP can be used as a basic asset inventory tool or a granular asset-centric access control solution, depending on policy. Policies can contain a variety of rules, from packet filters, to whether the user can install a piece of software, to rules that check for compliance with baselines (such as CIS, or HIPAA security requirements).

We defined some simple policies, such as denying access to secured hosts by unsecured hosts (hosts not running the agent), by naming the policy and adding rules. Some rules require additional configuration, such as ports for the network filters.


ReportingB+  
Reports can be created for any aspect of ESP for managers, and viewed on-demand or scheduled. You can view reports for each policy, as well as specific host groups under a policy.

The reports are easy to read and feature a variety of graphs and charts to effectively represent the information. Data can be exported to a variety of formats, including CSV and PDF.


Verdict
We are as impressed with the latest release of Elemental Security's tool for monitoring and continuously assessing the security posture of large, heterogeneous enterprises as we were with its early version.


Testing methodology: The system we received was preconfigured for our environment. In our tests we used a variety of OSes, including Windows, Mac OS X and Red Hat Linux.

This was first published in March 2007

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top