Product Group Tests

Policy management (2009)

by Michael Lipinski October 01, 2009

GROUP SUMMARY:

Our Best Buy this month is Kaseya 6, providing very strong enterprise endpoint management.

Good functionality and ease of use make AlgoSec Firewall Analyzer and FireFlow our Recommended buy.

There's something to like in each of these seven sets of tools under review. By Michael Lipinski.

Securing the enterprise is a never-ending challenge. The dynamic nature of business requires constant changes to host-based systems, user workstations, network equipment and security systems. Even well-staffed IT departments will be challenged to validate every configuration to corporate policy, test and deploy all patches in a timely fashion and validate end-to-end accuracy of all the security controls deployed.

Almost without fail, the audits I conduct turn up exactly what was guaranteed to be blocked, secured or restricted. It is the "what you don't know" that will end up burning you.

Not every organisation can employ a seasoned security professional with the knowledge to maximise security posture and performance throughout the enterprise. Even if you have the skilled personnel, time constraints will challenge their ability to document, assess, remediate and report on compliance relating to enterprise policy enforcement.

Policy management is a challenge for most organisations. Periodic review of configurations, vulnerabilities, patches, and server, user, network and security rules is demanding. Now add the requirement that this task be performed as real-time validation of the enterprise security posture against corporate policy. Corporate governance, compliance requirements and regulatory bodies require us to do this. Luckily, there are tools to help us address this challenge, and in this month's review we are looking at policy management solutions. These products provide the tools for managing, enforcing, auditing and reporting on various security and network system configurations and patch levels.

We looked for products used to enforce configuration policies to devices in an enterprise. This could include network, security, encryption/software configuration, and hardware configuration of any devices in the enterprise.

Such products should be able to audit devices against a policy created by an administrator, as well as allow policy changes to devices from a centralised console. They had to address compliance management. We also looked for centralised management capabilities, compliance reporting, risk management and centralised auditing, alerting and reporting.

How we tested
Our testing methodology used vendor-provided, web-based access to their systems. Vendors were allowed to give a short presentation on their company, its product features and value proposition and to describe the implementation process a typical end-user would experience. We then ran a full demonstration of the products, deploying our usual criteria. We asked participants not only to demonstrate the features and capabilities of the offering but also to run through a typical deployment scenario.

The solutions reviewed consisted of client-side software deployments (usually server software and agents), appliance-based solutions - or combinations of both. We reviewed solutions that focused on the security products (ie firewalls, IDS/IPS systems), others that were endpoint-focused and some that spanned security, network and endpoint products. Some were very good at managing the assets and the vulnerabilities and patches on that asset. Others had good compliance and risk reporting capabilities. Yet others addressed the challenge of managing large numbers of security and network systems and synchronising the configurations of each as policy changed.

Although these products offer a great service, it is important to consider their impact on your environment before choosing a vendor. Most of the solutions are agent-based and require some level of additional overhead on endpoint resources and network infrastructures. Agent size, agent performance overhead and network load requirements should all be evaluated before you choose.

For the solutions providing knowledge-based decision support, such as risk management and compliance reporting, it is important to look into the service, update and support capabilities of each vendor to ensure timely updates for their reference data.

There is no magic wand for security and risk management. Defence in depth is still the governing best practice and people and process are essential components of that strategy.

These solutions have evolved in maturity to deliver a usable set of tools for tackling the policy, risk, compliance and patch-management challenges facing most organisations.

I enjoyed this set of reviews. I found something I really liked in each of the products we looked at.
