ESP Security Posture
Security Posture Assessment provides Situational Awareness
While security professionals understand the business goals and realities that define the right policies, in a changing environment they find it hard to know the true state of the network. More than half the elements in a typical network are changing every year, people are revolving in and out of the organization at a rapid rate, and rogue machines, outsourcing, and consultants constantly inject unknown risks.
Elemental solves this problem by making every machine (physical or virtual) on the network transparent to security administrators.
The transparency provided by the Elemental solution covers all major operational aspects of computers. It is the first and only solution that concurrently monitors a machine's inventory, configuration, and network traffic-all under a single unified policy management framework.
Some of the key information determined about machines on the network includes:
Inventory – The Elemental Security Platform continuously monitors each machine's installed software and hardware inventory. It quickly discovers changes, such as the installation or launch of a new application or device. This allows security administrators to readily spot anomalous activity and to implement policies to restrict the operation of machines to their intended business purpose.
Policies and Compliance – A key aspect of baselining and monitoring the state of machines involves determining their current compliance posture vis-à-vis industry accepted policies. These policies not only include standard best practices as designed by the CIS (Center for Internet Security) and NSA (National Security Agency), but also templates to address regulatory compliance challenges such as SOX, HIPAA, and PCI standards.
Host Configuration – ESP can identify a wide variety of configuration settings for a machine's operating system, including its applications, remote connectivity, processes and services, account and file permissions, file system content, and system performance.
Users – The Elemental solution makes it possible to have visibility into who is logged in and what users are doing across the network. This enables policies to be implemented in a manner that addresses the rights and responsibilities of different parts of the organization.
Network Traffic – The ESP agent continuously monitors traffic coming in and out of its host computer to identify machines, systems, and applications that are communicating on the network. The agent also passively listens to network traffic to expose, classify, and track unmanaged or unapproved machines.
This awareness of network elements and activity enables administrators to:
- > Automatically configure machines in accordance with regulatory requirements and security best practices
- > Assure that only approved hardware and software have access to key systems
- > Discover and contain new machines coming on the network
- > Restrict the ability of unauthorized or non-compliant machines to harm critical resources