Security Policy Automation
Security policy lifecycle management
Automation of security policies is a key component of the Elemental solution. ESP admins develop policies simply by selecting from an extensive library of policy templates. Elemental also makes it simple to define target groups and automatically apply policies to all hosts in the group. As the activity of hosts and their security posture changes, group membership also changes automatically and the correct policies are applied accordingly, which makes the ESP system self-adaptive to a changing security context.
Unified Policy Infrastructure – ESP offers a unified framework for cross-platform security and regulatory policies spanning network traffic, operating system, users, hardware devices, applications and data.
Automated Targeting and Deployment – Dynamic grouping of computers based on ESP admin defined criteria describing the configuration, activity, and inventory of individual machines enable policies to be precisely targeted and automatically updated.
The Security Policy Implementation Gap
In a world where information has become too important to risk, IT professionals are increasingly assuming the role of risk managers. They must meet business needs while doing the best possible job of protecting their networks—because the loss or compromise of critical data or any interruption to communications can bring business to a screeching halt. In addition, they must protect the organization itself from risks associated with failing to maintain full regulatory compliance.
Whether it’s ensuring business continuity, better defending their critical assets, or becoming SOX or HIPAA compliant, security professionals readily understand these business-based IT goals. Their challenge lies in translating these broadly defined objectives into actual security states on the thousands of elements that comprise their networks.
The constantly changing environment of today’s enterprise networks compounds the problem. At any given time, administrators find it hard to know the true state of the countless individual machines and systems that are connected to their networks—and they can’t manage what they don’t know.
What if they could somehow achieve full knowledge regarding the state and activity of all these elements? Keeping track of the myriad changes, and manually checking and rechecking that the right security policies are on the right systems at the right time can introduce errors and is prohibitively time and resource intensive.
The security industry has responded to this dilemma by introducing a dizzying array of products designed to link business-based IT objectives with measurable results. However, these offerings have all targeted very narrow aspects of this enormous challenge. This siloed approach has driven administrators to attempt to manage security policies through organizational integrations and costly and resource-intensive manual workarounds. The result is a policy implementation gap that leaves most organizations exposed to significant risks.
Closing the Security Policy Gap
Any organization is only as secure as the degree to which it has achieved compliance with well-developed and comprehensive security policies (controls).
ESP offers a robust security policy library with several thousands of rules (security controls) and editable templates, which Elemental has derived from NSA, DISA, CIS, Microsoft, Oracle and other sources for best practices for general computing security, as well as for HIPAA, SOX, PCI and other government regulations and industry standards.
Administrators can select policies from this library to assess and implement the desired security state on all affected systems on their network, and get results within minutes.
Elemental reduces security threats and risks of non-compliance by making it easy to translate business objectives into well-developed policies, and express these across the network. A well-developed security policy is rooted in best practices, and:
- Takes into account business/organizational goals as well as the technical environment
- It allows for exceptions and is flexible enough to reflect business realities
- Provides a consistent set of metrics that support continued improvement in security process and practices
- Supports hierarchical expression of policies, i.e. enables a high-level overview supported by a detailed drill-down
- Is consistently implemented across computing platforms and organizational boundaries