NetIQ Secure Configuration Manager
Strengths: Many compliance templates already built in to the system. Solid overview dashboard
Weaknesses: Agent deployment could be more automated
Verdict: If compliance is your hotspot take a close look at this one
NetIQ Secure Configuration Manager allows for easy detection of misconfigured systems throughout the enterprise environment. It features the ability to assess system configurations against many compliance standards such as PCI DSS, HIPAA and SOX and across several platform and server types such as Windows, Linux, Unix, Microsoft SQL Server, Oracle and IIS.
Installation is quite simple and is done by running an executable installer on the machine that will become the server component of the system. After a short setup wizard the executable installs the server and the web-based management console.
When installation is complete all management is done through the management console, which is almost a blank slate that needs considerable configuration. The system works by deploying agents to client machines and then creating groups within the console to which the clients will be part of. Once groups are configured policy templates can be assigned to the groups and assessment can begin. We found the agent deployment guide to be very helpful in remotely deploying agents but we feel the deployment process should be more automated and seamless.
This product offered a lot of flexibility and the policy templates were a great starting point. The dashboard on the management console provides a good amount of information at a glance, including overall looks at the enterprise-wide compliance status. The policy templates can also be applied as they are or easily customised for the environment for a tailored fit to the compliance objectives.
Documentation provided includes installation, user and agent deployment guides. All are in PDF format and easy to read. There are no screenshots or diagrams to help visually illustrate configurations, but there are checklists and clear step-by-step instructions.
NetIQ offers basic no cost help in the form of 12/5 phone and email support. There is also a support area on the website that includes a user forum and knowledgebase at no cost. Additional support is available as part of an agreement, which includes 24/7 premium phone assistance.
At a price starting at £720 per server we find this product to be good value for money. The system can be customised to meet the needs of almost any environment and it provides a lot of compliance templates and reporting already built in.