Elemental Security Platform
Agent Based Host Security Policy Compliance and Management
May 17, 2005
Courtesy of enterpriseITplanet.com
The flagship offering from Elemental Security, the Elemental Security Platform (ESP; originally known as the Elemental Compliance System), is a server and agent-based software platform that provides security administrators with the ability to create, deploy, monitor, and enforce security compliance policies on both servers and workstations throughout their network. The platform consists of a central server (Red Hat Linux, Solaris) that provides the policy creation, management, and reporting components, and individual agents (Windows 2000/XP/2003; Red Hat; Solaris; HP-UX; AIX; Mac OS X) that are loaded on and execute continuously within the host machine itself and communicate compliance information (via encrypted connections) with the server. Each server can support up to 10,000 Elemental ESP hosts. Hosts that are determined to be non-compliant can be quarantined and blocked from network communications (with a message displayed to the user directing them to remediation information), and alerts can be generated via SNMP traps for administrative personnel.
In addition to enforcing security policies on and between machines protected via the software Agent, the agent-enabled hosts themselves listen to broadcast traffic on the network and employ passive techniques to identify hosts that are not agent protected and the basic characteristics of those hosts. Based on the information gained, these hosts can be placed in various groups (e.g., server group) and policies can be applied to Elemental agents to provide access control to those non-protected hosts; i.e., hosts that are running the agent can automatically deny communications to those hosts that are not running the agent.
A key feature of the Elemental platform is the "FUEL" policy implementation language, a Python-based cross-platform language that implements the vendor's defined rules, which are gathered by the user administrators (via an interactive user interface) into policies. According to the vendor, the security policies themselves--collections of rules and other policies--are created by the administrator without requiring programming, using a method similar to the way a policy would be documented in a security manual. Because the security policies are platform independent, they can be defined without requiring specific knowledge of the implementation of the policy on each supported agent operating system. Policies can be deployed to hosts on a group basis; the vendor notes that the latest release of the product ships with over 2,000 rules as well as multiple policy templates that can be readily accessed and, if necessary, edited. Policy templates are available based on regulatory compliance (SOX, HIPAA, PCI) and third-party best practices (CIS, NAS, NIST, DISA, Microsoft, and Oracle).
Elemental hosts feature the ability to dynamically classify themselves into groups based on recognized parameters of the host itself (operating system, behavior, location, etc.). As the parameters of a host change, its group assignments for purposes of policy compliance are automatically adjusted every few minutes.
New features of the latest ESP release include expanded platform support (Agent support for additional UNIX flavors and Mac OS X, Server support for Solaris); the ability to grant rule exceptions; and policy support for "leading" anti-virus and anti-spyware applications.
Licensing is based on the number of server/desktop agents required. The policy server runs for $60,000; approximate agent pricing is $600 each for Enterprise (server) agents and $60 each for Standard (desktop/laptop) agents. Bulk pricing is available; the vendor notes that a deployment with 1 server and 500 agents runs for about $100,000.