Product - The Elemental Security Platform

The first integrated system for enterprise policy and risk management

Frequently Asked Questions

SOLUTION OVERVIEW

SYSTEM OVERVIEW

INTEROPERABILITY

POLICIES

FEATURE/FUNCTIONALITY

ACCESS CONTROL



SOLUTION OVERVIEW

What does the Elemental Security Platform do?

The Elemental Security Platform (ESP) helps you identify and resolve security and compliance problems in dynamic enterprise networks. ESP allows you to easily specify custom security policies, then it will automatically apply them as and where they're needed. ESP closely aligns security policy management with business objectives by providing deep visibility into the security posture and activity of individual computers. ESP provides unified monitoring and remediation capabilities, to ensure compliance with your security policies, to mitigate risk, and to measurably improve the security of computing resources.

Back to Top

What is unique about Elemental Security's ESP solution?

ESP uniquely combines policies which address host configuration, inventory, and network access control into a single unified policy framework. ESP provides more than 2000 rules and an extensive array of policy templates which you can combine and extend to express your own custom security policies. Dynamic grouping of hosts according to shared attributes, powered by continuous monitoring of hosts on the network, enables organizations to reduce the effort and minimize errors of manual policy provisioning. The unified policy framework provides comprehensive and continuous monitoring for compliance, and provides a means of controlling the security posture of machines on the network.

Back to Top

Why is visibility into the network environment important?

In addition to gathering extensive information about the configuration, inventory, and network activity of machines running the ESP agent, ESP also discovers and passively profiles any unmanaged machines that may be observed on the network. This deep visibility enables ESP to dynamically group machines based on business roles and common characteristics of users and computers. By continuously updating this information and dynamically rebuilding host group memberships, ESP always provides you with an accurate map of the ever-changing network environment. This layer of automation enables organizations to efficiently manage security policies by quickly identifying changes or anomalies in the network. ESP enables precise targeting and automatic updating of security policies.

Back to Top

What is the role of access control in the Elemental ESP?

Host level access controls are a key part of the ESP solution. The ESP agent can block or permit traffic to restrict communications between hosts on the network in accordance with your security policies. For example, you can deny access to critical resources if a requesting system does not meet certain compliance requirements, and you can have different access control policies for different resources. By leveraging its deep visibility into the roles and security posture of computers and users, ESP enables simple implementation of role based access controls that automatically adapt to changes in the network environment.

Back to Top

What security problems does ESP address?

Some key uses of the ESP system include the following:

  • Provides centralized, in-depth visibility into the state of individual computers
  • Automates compliance with SOX, PCI or HIPAA requirements
  • Reduces frequency of SOX audits via automation
  • Protects sensitive resources from unmanaged, unknown or non-compliant systems
  • Provides a consistent security solution for distributed, cross platform enterprises
  • Monitors and enforces policies on end-user's computers on an ongoing basis
  • Automates the ops team's system hardening manual
  • Establishes baselines and metrics for managing and improving the current state of security
  • Restricts access to network resources based on host configuration or policy compliance
  • Prevents the unauthorized copying of files to writeable and external storage devices

Back to Top

What are the key benefits offered by ESP?

  • Reduces time and cost for audits
  • Decreases the time and effort to monitor and enforce policies
  • Prevents security incidents and their associated costs
  • Detects anomalies and identifies high-risk assets
  • Provides metrics to measure the security and compliance posture of systems
  • Mitigates risks associated with unknown and non-compliant systems

Back to Top

How does Elemental Security's ESP help in meeting internal and regulatory audit requirements?

The Elemental Security Platform (ESP) can perform quick, standardized evaluations of compliance with complicated regulatory laws and standards. Moreover, you can customize those evaluations to your own organization's needs, including where and when the security policies apply. You can tailor the content and target the deployment of policies to support the business objectives of the organization.

Back to Top

What factors should I consider when evaluating policy management products?

Enterprise security infrastructure and requirements are continually evolving. Some key questions to consider when evaluating policy management products include:

  • Will the solution adapt to my changing needs? Is it flexible enough to solve not just the problems I know I have now, but also those I will face in the future?
  • Can I use the solution across much of my infrastructure? Can the solution give me visibility into all my network assets, even those I don't already know about?
  • Do I need to put an agent on every machine, or can I achieve my policy objectives through partial deployments?
  • Does the solution reduce the effort required to manage policies across the organization?
  • Are there cost savings that result from its implementation?

Back to Top


SYSTEM OVERVIEW

What platforms do the ESP server and ESP agent run on?

  • Server runs on Red Hat 9, RHEL 2.1, 3.0, 4.0, and Solaris 10
  • Agents run on Windows2k, Windows XP, Windows 2K3, Red Hat Linux 9, Red Hat Linux Enterprise 2.1, 3 and 4, Sun Solaris 8, 9 and 10, HP-UX 11.i, IBM AIX 5.2 / 5.3, and Mac OS X

Back to Top

What management interface is provided?

  • Management is completely web-based. System can be managed from any network connected computer with an appropriate web browser (Internet Explorer, Mozilla, Firefox). Management traffic is encrypted using SSL.

Back to Top

How do the agents and server communicate?

  • All communications are initiated from the Agent side. Agents check in on a specific port on a periodic (minute or two) basis and, if there is any data exchange required, establish a secure (SSL/TLS) connection on a second port where data transfer occurs.

Back to Top

Can ESP users be granted specific privileges?

  • Yes - the user interface provides for fine-grained role-based privileges that are granted on a per user basis.

Back to Top

Does your product provide an embedded database?

  • No - our product uses Oracle 9i or 10g Enterprise Edition. Elemental will provide the Oracle license as separate line item if requested.

Back to Top

What are the minimum hardware requirements for the ESP server?

  • For Red Hat Linux systems:

Resource 1 - 500 Agents 500 - 5000 Agents > 5000 Agents
CPU 1 - 2 CPUs 3GHz 2 - 4 CPUs 3GHz 4 - 6 CPUs 3GHz
RAM 1 GB 2GB 4GB

  • For Sun Microsystems Hardware:

Resource 1 - 500 Agents 500 - 5000 Agents > 5000 Agents
CPU 1 CPU 550 Mhz
SPARCv9 		2 CPUs 550 Mhz
SPARCv9 		4 CPUs 550 Mhz
SPARCv9
RAM 1 GB 2GB 4GB

Back to Top

How are the server and agent upgraded?

  • The ESP Server is upgraded using the standard software installation mechanism (RPM or pkgadd).
  • Agent upgrades are handled by the ESP server. Agent upgrades are transparent to end users and can be performed on individual machines or groups of machines.

Back to Top

Do I need to have agents installed on every host?

Agents are required only on machines on which configuration or inventory management policies will be implemented. The ESP system supports partial deployments whereby the agent machines passively detect and classify unmanaged machines. Policies can be deployed to limit communication between these unmanaged machines and the rest of your network.

Back to Top

INTEROPERABILITY

Can I use my existing directory services in managing policies?

ESP can group hosts based on Active Directory user and computer groups. These groups enable user level configuration and access control policies to be easily implemented.

Back to Top

How is the ESP agent software deployed?

The ESP agent can be installed locally in a simple one-touch install, or can be deployed to multiple hosts using distribution platforms such as Tivoli, SMS, AD/GPO.

Can I issue alerts or send notifications to administrators

Yes - ESP integrates with standard SNMP systems and will send traps on selected non-compliance events.

Back to Top

POLICIES

What is a Rule?

An ESP Rule is the most basic element of a policy within the Elemental Security Platform. Rules address specific host configuration settings and/or network access control security requirements.

Back to Top

What is a policy?

A Policy is a collection of rules and other policies.

Back to Top

What kinds of policies are supported?

ESP provides pre-configured policies for both Regulatory Compliance (SOX, HIPAA, PCI) and Third Party best practices (CIS, NAS, NIST, DISA, Microsoft, and Oracle).

Back to Top

Can I create custom policies?

Yes - the ESP management interface provides a visual policy editor that makes it simple to customize policies to meet your specific requirements.

Back to Top

Can exceptions be granted to policies?

Exceptions can be granted on a individual basis for any rule. Granted exceptions will not skew compliance metrics.

Back to Top

What is your policy language? What are the advantages of a language-based approach? Do I need to learn a new scripting or programming language to use your product?

The Elemental policy language is called FUELT - it is based on Python and is easily portable across platforms. However, you do not need to know the FUEL language in order to use the ESP rules and policies. Only the rules are implemented in FUEL; you define policies using the interactive user interface to select rules that have been implemented by Elemental. The language enables highly efficient agent/server communications, provides a very tight coupling between the monitoring and automated enforcement of policy rules, and enables policies to be easily expressed in a manner consistent with how they are written down in enterprise policy manuals.

Back to Top

How are new policies added to an Elemental ESP installation?

Elemental provides policy content updates on a periodic basis for all customers with current maintenance and support contracts. Content is delivered in the form of XML files and is easily imported into the ESP system through the management interface. A Test Space enables users to stage and test new and updated policies before moving them into the Production Space for general use.

Back to Top

FEATURE/FUNCTIONALITY

How are policies targeted and deployed?

Policies are deployed to sets of hosts that are defined using the ESP Dynamic Grouping feature. The system ships with an extensive collection of host groups which can be used immediately. Users can also define custom groups based on the roles of users and machines, the security posture and inventory of computers, and the activity of machines on the network.

Back to Top

Why is change in the network environment an important consideration in managing policies?

Policies are typically static in nature. Applying and measuring compliance with stated policy is a simple exercise in a non-changing environment. Practically speaking, however, modern networks have an alarmingly high monthly turnover rate (systems being retired, re-tasked, and/or new machines and applications coming on the network). Managing and accurately measuring host configuration and network access in this dynamic environment is nearly impossible without automation.

Back to Top

What automation is enabled by ESP.

The Dynamic Grouping of hosts enabled by the ESP system automates the targeting, provisioning, and updating of policies. As group memberships change, policies are automatically updated. Both host configuration and Network Access Control policies benefit from this automation.

Back to Top

What is Dynamic Grouping?

Dynamic Grouping is the process by which ESP manages membership of host groups (sets of systems) based on specific attributes. An example would be, "all Dell Laptops that are wireless and have writeable USB media, that are running Windows XP, and on which a member of the Finance AD user group is currently logged in." The ESP Dynamic Grouping mechanism allows you to define groups of systems based on these (and many other criteria), with group membership dynamically updated as machine configurations, and logged-in-users, change. Based on the information continually gathered by the ESP agents, the membership of these groups is refreshed every few minutes.

Dynamic groups provide three basic functions:

  • Targeting and automated provisioning of policies
  • Simple expression of policies to limit network communications between groups of systems
  • Targeted reporting

Back to Top

How is inventory classification used in managing policies?

The ESP Agent collects a comprehensive hardware and software inventory from the host on which it resides. This data can be used to define host groups (based on the presence, or absence, of specific applications, files, patches, CPU type, hardware devices, etc.). The host groups can then be used as targets for policy deployment. Change in inventory can also be used to automatically trigger access control requirements. For example, a policy might be deployed to prohibit the installation of an instant messaging application. If the policy is violated, the ESP agent will deny access to certain specific resources that you have defined.

Back to Top

Can the Elemental system provide security for hosts not running the ESP agent?

Yes. The ESP Agent serves three general purposes:

  • Host configuration management
  • Network Access Control (packet filtering)
  • Passive network listening

The third feature enables the ESP Agent to passively detect unmanaged machines on the network and classify them to identify network behavior and host details. Based on this classification, the ESP system can dynamically group these unmanaged machines along with managed machines. By deploying network access control policies to the machines that are running the agent, ESP can control what these unmanaged systems are able to do on the network. This is possible because the Elemental access controls are implemented at the host level, meaning that communications with managed hosts can be restricted by controlling just one side of the communication.

Back to Top

Does the ESP Agent work when the host is not connected to the local network?

Yes. The Agent will continue to monitor/enforce the last policy data it received from the server. ESP allows you to apply policies to systems based on their location when connecting to the network, as well as the type of interface being used.

Back to Top

How can ESP help protect sensitive information?

ESP offers a broad spectrum of policies to protect sensitive information. Some examples include:

  • Limit network connections to key systems
  • Prevent the use of writeable media on end user machines
  • Restrict traffic from end user machines going to outside destinations (IM, P2P, ftp, external mail servers, etc.)
  • Control file and directory permissions
  • Verify file integrity and contents

Back to Top

How does ESP remediate policy compliance violations?

ESP can enforce policy rules. Example - file x should have permissions y. If a (privileged) user changes the permissions on the designated file, ESP will first report non-compliance and then automatically set permissions back to what were originally dictated by policy.

Back to Top

What kinds of reports are provided?

All data is stored in a full-featured relational database. There are extensive predefined reports that can be run directly or scheduled to be run on a periodic basis. Reports can be viewed directly in the UI, exported to CSV or XML format, rendered to printable format, or optionally emailed to specific recipients.

Back to Top

ACCESS CONTROL

How does ESP control access to key systems?

The ESP system implements access control policies at the host level. The ESP Agent runs at the kernel level and monitors all packets in and out of managed machines to assure they conform to policy. Non-compliant traffic is detected and reported, and, optionally, can be blocked. The access control policies can be expressed using the ESP Dynamic Groups, e.g. "Only Finance users can connect to SAP ERP servers." This enables adaptation of access control policies according to changes in the environment as host group memberships are updated.

Back to Top

Is an inline appliance required to control how a host communicates with other hosts on my network?

No, access controls are monitored and controlled at the host level. The access controls implemented on a protected system are independent of the path a machine may take in attempting communications. Similarly, attempts to send traffic from a managed machine to an unapproved destination is terminated at the source - and your ability to stop such traffic is not dependent on the traffic traversing a security appliance..

Back to Top

Is ESP compatible with Cisco NAC?

Yes, ESP works with Cisco NAC. The ESP agent integrates with the Cisco Trust Agent to provide security posture information to the CNAC infrastructure. Additionally, the ESP solution provides a layered defense complimenting the CNAC controls by making sure machines stay compliant once they are granted access to the network. If hosts become non-compliant or host-configuration changes are observed, ESP can automatically respond and restrict their ability to communicate over your network.. ESP supports access control rules that can be implemented at any level of granularity - from restricting access to a few key systems to quarantining a host.

Back to Top

Why should I deploy an agent-based solution versus an agent-less solution?

'Agentless' solutions can typically be more accurately described as 'transient agent' solutions. That is they are in fact executables that have all the characteristics of an agent (e.g. require privileges to run, consume system resources, support communications protocols for communicating with a server, etc.)...Some key advantages of the ESP persistent agent system architecture include the following:

  • In order to see, block or allow network traffic, a persistent presence on the host is required. All packet filters, including the ESP Agent, require this presence. Agentless approaches must rely on other devices to detect rogue machines and to regulate traffic on the network.
  • Using an agent allows Elemental to run the policy engine locally on each managed host. This allows Elemental to leverage the power of a language based approach to deliver highly efficient agent/server communications. And it allows the Elemental approach to scale to very large number of managed systems. Agentless approaches do not scale well. The process of pushing down mini-programs in the form of transient agents to do the monitoring and enforcement of policies is inherently inefficient.
  • ESP Agents provide persistent compliance monitoring. ESP policies remain in effect whether or not the machine is connected to the local network. Agents run independently. Agentless approaches require continuous communications with a central server.
  • ESP Agents provide a very tight coupling between the monitoring and enforcement of policy rules. This enables automated remediation of non-compliance. Non-compliance can be directly remediated if desired without requiring additional administrative action
  • The ESP architecture provides a scalable infrastructure for running credentialed checks on managed machines.

Back to Top

What performance impact will your product have on my hosts?

The ESP agent is designed to be non-intrusive. On average the agent will consume 2-4% of dynamic memory and will have a negligible impact on CPU usage. As with other common desktop security products, there may be intermittent spikes in CPU usage depending on the types of policies deployed, but the majority of ESP rules require very little resources to run.

Back to Top

How much network traffic does your system generate?

Communications between the ESP agent and server are highly efficient. The underling policy language has been developed to enable policies to be communicated to the agents while consuming minimal bandwidth. While many site-specific implementation details - such as number of host groups, and number and type of policies deployed - will be determinant factors, the typical network bandwidth consumption is on the order of 300 Kbs per 1000 agents.

Back to Top


Website Development by Nobis Interactive