Price: $1/endpoint/month, $1,500 administration set-up fee
|FullArmor's FullArmor PolicyPortal|
FullArmor fuses security software and a powerful managed infrastructure to offer Windows security policy and configuration management to the SMB market.
The FullArmor PolicyPortal enables small- and mid-sized Microsoft shops to manage their Windows security policies and local configurations without expensive infrastructure or complex software installations. The novel approach offers a new slant on managed security service--or, more accurately, hosted software sold as a service.
FullArmor provides an Internet interface to easily configure, monitor and enforce near real-time Active Directory-based policy compliance through client agents.
The installed agents can enforce multiple policies; for instance, you could create one policy for all publicly facing DMZ systems, another for all remote dial-in laptops, one for guests and one for workstations. Each of these policies is enforced on its own merits and can be individually reported or part of a birds'-eye enterprise view.
The Web-based GUI makes it easy for non-techies to download and become compliant in literally a matter of minutes. The agents have small footprints and are installed with familiar wizards. All clear-text user communication has strong SSL encryption, while all binary traffic is digitally signed with a VeriSign certificate.
The endpoint policies work as advertised, allowing an administrator to create rules that enforce and lock down Windows systems. The policies can include password and audit policy information, specific registry configurations, the ability to install particular software, and user access control; you can even configure an endpoint's network devices to include printers and network drives--a good way to prevent the introduction of rogue devices on the network. New or modified policies can be immediately pushed to online devices or stored in a queue for those that are offline.
The agents can also control computer services, automatically starting, stopping or prohibiting them from running, even if the system is not logged into the network or connected to the Internet. This type of control is usually enforced via logon scripts when you are in a corporate environment.
You can manage local Microsoft Windows group policy objects for Windows 2000, 2003 and XP operating systems. The next version of PolicyPortal will support Windows Mobile.
- Low cost
- Easy to install and implement
- Wide policy options
- No report exports
PolicyPortal's enterprise reporting capabilities are clean and comprehensive when viewed through the Web GUI. Executive-level graphs are easy to create, as are technical reports that drill down into the exact compliance issues. However, PolicyPortal does not support exportable reports to include XML, CVS or PDF formats. Printable reports are limited to printing the viewed Web page. FullArmor is planning to include enhanced reporting in the next release.
PolicyPortal also has the ability to manage Kiosk-style or ATM Windows-based platforms, making it ideal for large or highly segmented retail organizations. Delegated administrator accounts can also be created to help manage distributed organizations.
While PolicyPortal may not be ready to step up to the plate for a Fortune 500 customer base, it offers an ideal setup for those small- and medium-sized organizations that are intimidated by complex AD implementations and don't have large wallets. FullArmor is a company to keep an eye on over the next year.
More information from our sister site SearchSecurity.com
Visit our resource center for tips and expert advice on configuration management.
--JAMES C. FOSTER
Dig Deeper on Penetration testing, ethical hacking and vulnerability assessments
Avoiding access issues with Microsoft Network Access Protection
BYOD policy basics: Defining and enforcing a successful policy
How to make an enterprise service bus work for your SOABy: Todd Biske
Understanding Microsoft's Network Access Protection's internal and external componentsBy: Greg Shields