Review: Elemental Security Platform

A tool for monitoring and enforcing system compliance, and providing asset management and asset-centric access controls.

Focus: Risk/policy management
Product: Elemental Security Platform
Vendor: Elemental Security
Price: Management server, $35,000; desktop agent, $60; server agent, $600

The Elemental Security Platform (ESP) is a powerful tool for monitoring and enforcing system compliance, and provides effective asset management, asset-centric access controls and risk management.

Since we reviewed Elemental Security's version 1.1, then called Elemental Compliance System (August 2005), the product has matured and extended its capabilities, with support for new client OSes, risk management, support for ticketing systems and better LDAP integration.

Setup: B+
Our ESP server was preconfigured, but Elemental typically sends an engineer on-site to install the device and provide a rundown on features and usage. We were impressed with the ease of installing the client agent and of getting the clients and servers running.

Agent installation simply requires giving it the address of the ESP server and answering one or two other questions, depending on the platform.

The client connects securely to the server, reports gathered information and downloads relevant policies. The server automatically gathers data about open ports and services to categorize hosts, and places them in groups that can be defined manually or imported from LDAP.

As a key to risk assessment, the ESP server assigns a value to the system, depending on what services it's running. These values can be overwritten.

Effectiveness: B+
The user interface is clean and functional. Pages are uniform, with all dropdown menus on the left side, navigational buttons for selecting your page at the top, and relevant page information, such as reports, or policies you are creating, in the middle.

But it could still use a bit more tweaking. For instance, during policy creation, if you click on rules for a closer look, they open on the same page, so there's no facility to backtrack to where you were. So we had to hit the backspace button, which erased any rules we had already configured. You can right-click on the link and open a new window to bypass that inconvenience.

ESP can be used as a basic asset inventory tool or a granular asset-centric access control solution, depending on policy. Policies can contain a variety of rules, from packet filters, to whether the user can install a piece of software, to rules that check for compliance with baselines (such as CIS, or HIPAA security requirements).

We defined some simple policies, such as denying access to secured hosts by unsecured hosts (hosts not running the agent), by naming the policy and adding rules. Some rules require additional configuration, such as ports for the network filters.

Reporting: B+
Reports for managers can be created for any aspect of ESP, and can be viewed on demand or scheduled. You can view reports for each policy, as well as for specific host groups under a policy.

The reports are easy to read and feature a variety of graphs and charts to effectively represent the information. Data can be exported to a variety of formats, including CSV and PDF.

We are as impressed with the latest release of Elemental Security's tool for monitoring and continuously assessing the security posture of large, heterogeneous enterprises as we were with its early version.

Testing methodology
The system we received was preconfigured for our environment. In our tests we used a variety of OSes, including Windows, Mac OS X and Red Hat Linux.

This review originally appeared in the March 2007 edition of Information Security magazine.
