MANAGING ENTERPRISE SECURITY POLICIES – TOTAL NETWORK TRANSPARENCY
Effectively managing your organization’s security and regulatory policies requires a clear and current understanding of the state and activity of the users and computers that constitute your network environment.
Too Much Information Obscures The Big Picture
Security executives have too much data and not enough information from disparate sources, such as asset and inventory products, configuration and event management systems, network and host-based security scanners, log analyzers, and the like. They hope to weave all this data together to serve as a foundation for managing their security policy. However, this fragmented and manual process is expensive, resource and labor-intensive, and error-prone. The solution involves automating the acquisition and correlation of this mountain of data to help guide the management of appropriate security policies.
Effective Security Policies
The lack of a detailed and current view into the state of their organizations has traditionally forced security executives to base policy decisions on broader and more static parameters – which, at best, are supported by such measures as organizational affiliation, geographic location, system administrative groups and the like. However, such shotgun approaches fail to account for many aspects of individual users or machines that can have significant bearing on their own security as well as the security of other machines to which they may gain access.
In addition to lacking adequate detail about the activity and state of the network environment, conventional security views also often fail to adequately account for the perpetual state of change intrinsic to enterprise networks. This dynamism is solely due to increased utilization of mobile and wireless devices. It is inherent due to the constant flux in the employee and contractor populations, and is also created from technology refreshes, patches and updates, as well as reorganizations, mergers and acquisitions.
The Elemental Security Platform (ESP) provides the first and only security policy system built from the ground up to make the state and activity of users and computers totally transparent. The ESP agent (which runs on all major server and desktop operating systems and configurations) continuously gathers highly detailed information about the state and activity of its host machine and users. This data is comprehensive and includes such details as: Compliance level, OS and application configurations; a complete inventory of hardware, software, patches, and running processes; computer network activity; and user login activity.
Policies That Meet The Needs Of The Enterprise
The ESP solution not only provides an ongoing assessment of managed devices, but also continuously discovers and profiles rogue or unmanaged nodes. Equally important, the ESP provides a layer of automation that enables hosts and users to be dynamically grouped based on their state and properties, facilitating precise targeting and automated updates of policy deployments.
The resulting compliance metric enables security administrators to easily assess the security posture of users and networks, and make informed decisions about managing risk.
The transparency provided by the Elemental solution covers all major operational aspects of computers. It is the first and only solution that concurrently monitors a machine's inventory, configuration, and network traffic-all under a single unified policy umbrella. Some of the key information determined about machines on the network includes:
Inventory – The Elemental Security Platform continuously monitors each machine's installed software and hardware inventory. It quickly discovers changes, such as the installation or launch of a new application or device. This allows security administrators to readily spot anomalous activity and to implement policies to restrict the operation of machines to their intended business purpose.
Policies and Compliance – A key aspect of baselining and monitoring the state of machines involves determining their current compliance posture vis-à-vis industry accepted policies. These policies not only include standard best practices as designed by the CIS (Center for Internet Security) and NSA (National Security Agency), but also templates to address regulatory compliance challenges such as SOX, HIPAA, and PCI standards.
Host Configuration – ESP can identify a wide variety of configuration settings for a machine's operating system, including its applications, remote connectivity, processes and services, account and file permissions, file system content, and system performance.
Users – The Elemental solution makes it possible to have visibility into who is logged in and what users are doing across your entire network. This enables polices to be implemented in a manner that addresses the rights and responsibilities of different parts of the organization.
Network Traffic – The ESP agent continuously monitors traffic coming in and out of its host computer to identify machines, systems, and applications that are communicating on the network. The agent also passively listens to network traffic to expose, classify, and track unmanaged or unapproved machines.
The Bottom Line
Managing policy and risk in ever-changing enterprise networks requires current and in-depth understanding of individual machines
The Elemental approach to managing security policy addresses the key challenges of today's network security environment. ESP provides a unified policy framework that seamlessly bridges users, platforms, and computing functions. Its capability to dynamically group machines based on a comprehensive assessment of their properties and activities automates the provisioning of policies, thus assuring secure configuration and effective control of network access. And its deep view into individual machines, as well as aggregate computer groups, across your organization allows administrators to base policy decisions and controls on relevant business needs-a goal not readily achieved by security approaches that aggregate disparate systems and only consider certain pieces of the puzzle.
By maintaining not only a historical view but a clear, complete, and current view into the state of your computers and users, ESP enables you to deploy policies with precision and automatically update them as change occurs. Elemental uniquely provides a level of transparency that eases the security concerns of organizations.
- Implementing Role-Based Access Controls
- Protecting Data Against Compromise or Loss
- Unauthorized Host Containment
- Sarbanes-Oxley Compliance
- An Elemental Approach to Holistic Enterprise Security
The first and only solution that simultaneously monitors a machine’s inventory, configuration, and network traffic—all under a single unified policy umbrella