FullArmor PolicyPortal
FullArmor
Price: $1/endpoint/month, $1,500 administration set-up fee
The FullArmor PolicyPortal enables small- and mid-sized
Microsoft shops to manage their Windows security policies and local
configurations without expensive infrastructure or complex software
installations. The novel approach offers a new slant on managed
security service -- or, more accurately, hosted software sold as a
service.
FullArmor provides an Internet interface to easily configure,
monitor and enforce near real-time Active Directory-based policy
compliance through client agents.
The installed agents can enforce multiple policies; for
instance, you could create one policy for all publicly facing DMZ
systems, another for all remote dial-in laptops, one for guests and
one for workstations. Each of these policies is enforced on its own
merits and can be individually reported or part of a birds'-eye
enterprise view.
The Web-based GUI makes it easy for non-techies to download and
become compliant in literally a matter of minutes. The agents have
small footprints and are installed with familiar wizards. All
clear-text user communication has strong SSL encryption, while all
binary traffic is digitally signed with a VeriSign certificate.
The endpoint policies work as advertised, allowing an
administrator to create rules that enforce and lock down Windows
systems. The policies can include password and audit policy
information, specific registry configurations, the ability to
install particular software, and user access control; you can even
configure an endpoint's network devices to include printers and
network drives -- a good way to prevent the introduction of rogue
devices on the network. New or modified policies can be immediately
pushed to online devices or stored in a queue for those that are
offline.
The agents can also control computer services, automatically
starting, stopping or prohibiting them from running, even if the
system is not logged into the network or connected to the Internet.
This type of control is usually enforced via logon scripts when you
are in a corporate environment.
You can manage local Microsoft Windows group policy objects for
Windows 2000, 2003 and XP operating systems. The next version of
PolicyPortal will support Windows Mobile.
PolicyPortal's enterprise reporting capabilities are clean and
comprehensive when viewed through the Web GUI. Executive-level
graphs are easy to create, as are technical reports that drill down
into the exact compliance issues. However, PolicyPortal does not
support exportable reports to include XML, CVS or PDF formats.
Printable reports are limited to printing the viewed Web page.
FullArmor is planning to include enhanced reporting in the next
release.
PolicyPortal also has the ability to manage Kiosk-style or ATM
Windows-based platforms, making it ideal for large or highly
segmented retail organizations. Delegated administrator accounts
can also be created to help manage distributed organizations.
While PolicyPortal may not be ready to step up to the plate for
a Fortune 500 customer base, it offers an ideal setup for those
small- and medium-sized organizations that are intimidated by
complex AD implementations and don't have large wallets. FullArmor
is a company to keep an eye on over the next year.
This article originally appeared in the June 2006 edition of
Information
Security magazine.