Information Security

Defending the digital infrastructure



Product review: nCircle Configuration Compliance Manager

nCircle Configuration Compliance Manager brings policy compliance and security management into one centralized software suite. It provides vulnerability scanning via third-party scanners such as Nessus. This product review rates the software's ease of installation, features and effectiveness.


nCircle Configuration Compliance Manager

Price: Management server, $20,000, plus $199 per monitored server, $199 per network device and $49 per other asset



Riding herd on the integrity of your security infrastructure is not an option--it's a necessity. But keeping your IT assets in compliance in a large, complex environment is daunting without automated tools. nCircle Configuration Compliance Manager (formerly Cambia CM prior to nCircle's acquisition of Cambia Security in May) brings policy compliance and security management together into one centralized suite, helping cut the job down to size.

Configuration/Installation B+  
Installation is straightforward, either on a single server or multiple systems. nCircle's agentless technology simplifies the process.

Configuration Compliance Manager accepts data from nCircle's IP360 solution, as well as third-party vulnerability assessment scanners, such as Nessus, IBM ISS Internet Scanner and QualysGuard, allowing you to integrate existing tools.

Features and Interface A  
Configuration Compliance Manager is a deep product with a lot of features. It finds assets on your network, either actively or using its passive detection technology, identifying hosts and determining basic information, such as OS and open ports.

The efficient management console presents three primary tabs in a paned interface. The changes pane contains the aggregate of the latest alerts. The inventory section lists all network assets, broken down by subnet range. The compliance view is similar to inventory, but adds columns for compliance with applicable policies, both pass/fail and by percentage.

Effectiveness B+  
Configuration Compliance Manager assesses systems against predefined policy, vulnerability assessments and several other options, such as spider-like scans of Web servers, in response to events or at predefined times. It monitors files for activity, tracks file attributes, runs MD5 checks for integrity and issues alerts when changes are detected.

We were impressed with the product's asset inventory capability, which identifies and collects detailed information on each system. For example, on Windows machines, nCircle reported every piece of installed software, users, groups, services running, shares available and updates installed. With that data, it can check for the latest AV version or unauthorized apps.

We configured Configuration Compliance Manager to reactively scan a host with Nessus, and issue a policy compliance check whenever target files were modified. Many other events can trigger tasks, such as finding new assets, or starting a task when a previous one has finished. You can also schedule scans and set tasks by single host or by group.

Compliance starts with predefined policies for various OSes. Creating policies from scratch can be daunting, but nCircle can automatically create policies from "gold standard" machine configurations.

nCircle has included a PCI compliance policy, and said it was planning to include HIPAA and SOX policies in upcoming versions.

Reporting B+  
Reporting is critical for compliance tools, and nCircle's is thorough and easy to generate. Reports can include asset and file changes, vulnerability reports, installed software, risk trends, etc. They are easy to read and have colorful charts as well as technical breakdowns. Reports can be exported in .pdf, Excel, Crystal Reports, Word and RTF formats. Configuration Compliance Manager also integrates with the Remedy ticketing system.

nCircle Configuration Compliance Manager is a compelling product that rolls policy compliance and vulnerability detection into one usable package.

Testing methodology: We tested nCircle Configuration Compliance Manager in our lab, including Windows (XP, Server 2003), Linux and Solaris systems, and Cisco networking devices.

This was last published in June 2007
