News
In the News
Startup Preaches Compliance Without the Consultants
By Kevin Murphy
April 13, 2005
Courtesy of Yahoo News
Elemental Security Inc came out of stealth mode last week with a set of host-based security software the firm says can help companies comply with their internal security policies and external regulatory pressures.
The company is backed by about $10m in venture capital and some recognizable names, including CTO Dan Farmer, of SATAN fame, and CEO Peter Watkins, who was once COO of Network Associates Inc.
The firm has now started selling the Elemental Compliance System, an agent-server suite that Elemental says combines policy management, host configuration and network access control functions in one package.
Talking to enterprises, theres a gap between the security policies they have written down and their security status, said Ram Krishnan, vice president of marketing. The way they typically address this is bringing in a small army of consultants once a year.
Using the Elemental software, security administrators create policies that are pushed out to their endpoints, where they are enforced. Policies could say that a host has to be configured in a certain way, or that a PC is allowed to access one server but not another.
The system resembles the kind of thing that is hoped to be achieved with Microsoft Corps planned Network Access Protection program and Cisco Systems Incs half-finished Network Admission Control initiative.
But whereas Cisco NAC envisages a system where a policy server tells a switch to deny access to one set of servers to one set of endpoints, in Elementals system the servers and the clients know that they are not allowed to talk to each other.
One of the issues with NAC is that if someone can get around it, the whole network is exposed, Krishnan said. Elemental, a NAC interoperability partner, takes the same line as host-based IPS vendors take when they argue with the network-based IPS vendors.
While the company is but one voice in a chorus of tech firms bellowing out the compliance marketing song, Elemental reckons it is in tune. Its hook is a policy language, Fuel, built by a team led by Python author Guido van Rossum.
Krishnan claims that Fuel closely resembles how policies would be written in plain English, and that no programming experience is needed to use it. Persuading customers, reluctant to learn another language, of that will be important.
The first version of the software ships with 1,700 common policy rules to choose from. New ones will be added, and at some point APIs will be opened to allow customers to write their own rules.
Elemental touches on several markets, such as patch management (where the firm is seeking a partner) and network management, but Krishnan said he thinks Elemental competes most directly against policy management vendors such as BindView and NetIQ.