Enterprise Configuration Manager
July 27, 2005
from $995 per server for Windows and Solaris, $695 for Red Hat Linux
- Ease of Use:
- Value for Money:
- Overall Rating:
Ensures that every connected machine meets predetermined standards and controls; helps to ensure legal compliance.
Quite expensive; management of mobile systems requires a separate product; needs a global portal to span all products.
Will take time to recoup, but does a lot of work normally allocated to several incompatible applications.
ECM started as a Windows inventory management tool, but has moved with the times. This release turns it into a systems policy management and compliance system for Windows, Solaris and Red Hat.
ECM covers a lot of ground, including vulnerability assessment, change management, compliance audit and remediation, access control, event consolidation, patch management, role-based access, and enterprise administration and automation. It's not surprising that the manual runs to more than 550 pages.
After collecting the data, ECM arranges it into various report dashboards displayed in a colorful browser window. The level of detail is comprehensive. From a policy management viewpoint, the most useful module handles compliance. This checks the configuration against the policy and flags non-compliant machines.
Obviously, the policy has to be kept current to ensure it keeps up with new software, updates, fixes and antivirus currency. This might be seen as a chore, but it pays back by ensuring no unapproved programs appear. It also helps to identify machines and track progress when there's a roll-out.
As with all inventory-based applications, installation takes some time. It is well automated, and most time is spent waiting for the initial data collection. It is a necessary evil, but gives a snapshot of the overall, possibly disorganized state of a network. Common features and omissions can be determined when developing policy templates for server roles and departmental systems.
The data collection system uses a small agent distributed to the network. The agents use DCOM; comms are secured using AES.
Configuresoft is also providing a series of templates for analyzing regulatory compliance to current customers through its secured support website. The templates have been formulated especially for legal compliance issues such as Sarbanes-Oxley and Basel II.
The only real gripe is with the manual. Page numbering starts is bizarre and contradictory – not something that you need with a manual this size.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Microsoft update left Azure Linux virtual machines open to hacking
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- ICYMI: CEO Sacked; MS Zero-day; Passwords dropped; Ransomware wild, charging hack
- 9.2 million medical records for sale on darkweb
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry