ELEMENTAL CYBER SECURITY PLATFORM
Manage risk with a holistic approach to cyber security, compliance and system trust relationships
By automating the many actions required for effectively managing security policies, the Elemental Security Platform improves effectiveness, reduces costs, and enhances productivity of IT security administration. The ESP system implements security policies consistently across heterogeneous operating systems and throughout the multiple operational layers of networked computers. It monitors the configuration, usage, network activity, and inventory of all managed machines running the ESP agent, therefore continuously assessing, implementing and adjusting the security posture of these systems by deploying new policies in order to self-adapt to changes. It also provides automatic discovery and classification of unmanaged machines.
Business Aligned Security
The Elemental server and agent components implement security policies consistently across heterogeneous operating systems and throughout the multiple operational layers of networked computers. The Elemental system continuously monitors the configuration, usage, network activity, and inventory of all managed machines running the Elemental agent. It also provides automatic discovery and classification of unmanaged machines.
The ESP leverages this detailed visibility into the network to automatically and continually assess the value and risk of systems. The resulting risk adjusted view powers an automated policy management infrastructure that is tightly and demonstrably aligned with the requirements and goals of the business including: protecting customer data, securing intellectual property, demonstrating regulatory compliance and ensuring business continuity.
Security Policy Management
The Elemental security policies, which are based on accepted industry best practices, address strategic security management initiatives such as: configuration management, inventory control, restricting network communications both within the network as well as across the perimeter, and preventing against the loss or theft of data. The Elemental solution comes with several thousands of individual rules (security controls) and an extensive set of user-editable policy templates for security benchmarks, regulatory requirements, and security best practices.
Unified Policy Infrastructure – A unified framework for cross-platform security and regulatory policies spanning network traffic, operating system, users, hardware devices, applications and data.
Automated Targeting and Deployment – Dynamic grouping of computers based on user defined criteria describing the configuration, activity, and inventory of individual machines enable policies to be precisely targeted and automatically updated.
Extensive Policy Library – The Elemental Security Platform ships with more than 2000 individual rules, plus an extensive array of editable, pre-defined policy templates for:
- OS and application security baselines: NSA, CIS, NIST, DISA, and Microsoft
- Regulatory requirements: SOX, PCI, HIPAA, FISMA, GLBA
- Access controls to regulate network traffic between users, systems, and groups
- HW / SW inventory and activity controls
Protect Critical Resources
Identifying and Containing Unauthorized Systems –Integrated host-level access controls ensure access is denied-whether these unauthorized systems are unknown machines discovered on the network, or known machines that have fallen out of compliance with required polices.
Layered Protection – As a value-add compliment to infrastructure level network admission control solutions ESP provides highly targeted, granular, and always-on host level access controls that ensures only secure and authorized machines are granted access to critical systems.
The ESP programmatically determines the value and risk of machines based on a myriad of observed characteristics, roles, behavior, and usage information. The ESP quantifies the value and risk of all machines on the network, both managed and unmanaged, through the analysis of factors including compliance, trust, system properties, the type and volume of networking activity, stored information, and the roles of machines and users. This capability identifies high value and at-risk systems enabling organizations to identify, mitigate, and manage IT risks.