Solutions
ELEMENTAL SECURITY PLATFORM PRODUCT OVERVIEW
"We know the business goals. We've deployed security products and services that should
help us achieve them. And yet we can't demonstrate that our network is significantly safer."
Chief Information Security Officer,
Fortune 500 Company
The Implementation Gap
In a world where information has become too important to risk, IT professionals are increasingly assuming the role of risk managers. They must meet business needs while doing the best possible job of protecting their networks-because the loss or compromise of critical data or any interruption to communications can bring business to a screeching halt. In addition, they must protect the organization itself from risks associated with failing to maintain full regulatory compliance.
Whether it's ensuring business continuity, better defending their critical assets, or becoming SOX or HIPAA compliant, security professionals readily understand these business-based IT goals. Their challenge lies in translating these broadly defined objectives into actual security states on the thousands of elements that comprise their networks.
The constantly changing environment of today's enterprise networks compounds the problem. At any given time, administrators find it hard to know the true state of the countless individual machines and systems that are connected to their networks-and they can't manage what they don't know.
What if they could somehow achieve full knowledge regarding the state and activity of all these elements? Keeping track of the myriad changes, and manually checking and rechecking that the right security policies are on the right systems at the right time can introduce errors and is prohibitively time and resource intensive.
The security industry has responded to this dilemma by introducing a dizzying array of products designed to link business-based IT objectives with measurable results. However, these offerings have all targeted very narrow aspects of this enormous challenge. This siloed approach has driven administrators to attempt to manage security policies through organizational integrations and costly and resource-intensive manual workarounds. The result is a policy implementation gap that leaves most organizations exposed to significant risks.
The Elemental Security Platform
Aligning Enterprise Security with Business Objectives
Elemental has developed the first integrated solution that lets security administrators meet their broad-based security objectives in dynamic, real-world enterprise environments. It provides an unprecedented view into the network, including an up-to-the-moment security posture of every machine. Using this highly detailed view, Elemental's solution enables administrators to achieve their business goals by quickly translating high-level security policies into the desired security states on each and every affected machine on the network.
The Elemental Security Platform gives a far better view of my network than any product I have ever seen.
- CIO, Large Financial Institution
It allows administrators to measure, monitor, and enforce their desired security states, while also providing full reporting capabilities. As a result, enterprises can for the first time obtain meaningful metrics, measurably improve their security, and satisfy compliance requirements using a single product-the Elemental Security Platform (ESP).
Closing the Policy Gap
Any organization is only as secure as the degree to which it has achieved compliance with well-developed and comprehensive policies.
ESP offers a robust policy library with more than 2000 rules and editable templates, which Elemental has derived from NSA, DISA, CIS, Microsoft, Oracle and other sources for best practices for general computing security, as well as for HIPAA, SOX, PCI and other government regulations and industry standards.
Administrators can select policies from this library to assess and implement the desired security state on all affected systems on their network, and get results within minutes.
Elemental reduces security threats and risks of non-compliance by making it easy to translate business objectives into well-developed policies, and express these across the network. A well-developed policy is rooted in best practices, and:
- Takes into account business/organizational goals and the technical environment
- Is not blind-allows exceptions and is flexible enough to allow for business realities
- Provides a consistent set of metrics that support continued improvement in security process and practices
- Supports hierarchical expression of policies-i.e., enables a high-level overview supported by a detailed drill-down
- Is consistently implemented across computing platforms and organizational boundaries
Known Variables
While security professionals understand the business goals and realities that inform the right policies, in a changing environment they find it hard to know the true state of the network. More than half the elements in a typical network are changing every year, people are revolving in and out of the organization at a rapid rate, and rogue machines, outsourcing, and consultants constantly inject unknown risks.
Elemental solves this problem by making every machine on the network transparent to security administrators. The unique Elemental solution comprises a software-based, agent/server architecture. An integrated policy-based packet filter delivers a complete and continuous assessment of traffic generated by all machines on the network and works across platforms to implement policies. This awareness of network elements enables administrators to:
- Automatically configure machines in accordance with regulatory requirements and security best practices
- Restrict the ability of unauthorized or non-compliant machines to harm critical resources Assure that only approved hardware and software have access to key systems
- Discover and contain new machines coming on the network
This unprecedented visibility also makes it possible to create and implement policies in a way that takes into account the business, organizational, and operational context of each machine. In addition, the Elemental solution expresses policies across all parts of the computing environment, automatically implementing policies on all hosts. It also continuously monitors host machines, optionally controlling access based on their compliance with assigned policies.
Ensuring compliance isn't limited to machines managed by Elemental software; each host also monitors the activity of unknown machines on the network. This surveillance capability quickly identifies non-compliant machines and leaves rogue machines with no place to hide.
The Elemental Security Platform is the first and only product that combines the key capabilities essential for effective security policy and risk management. Only through this type of comprehensive approach-which seamlessly integrates these key capabilities in a single product-can organizations quickly and cost-effectively assure continued alignment between their business goals and their security operations.
Group Dynamics
Only the Elemental solution provides the automation necessary to do all this in the rapidly changing environment and real-world business context of enterprise networks. A key aspect of this automation is dynamically grouping machines based on common characteristics, such as networking behavior, configuration, registry settings, running processes, and hardware or software inventory.
The ESP makes it simple to define groups. Then, as new systems or users connect or as new applications come online, each policy is applied to all the hosts and users in a defined group. As the activity of individual hosts changes, group membership also changes automatically, and the correct policies are applied accordingly.
For example, an administrator can specify a general policy-such as "Only members of the finance department using computers that comply with Sarbanes-Oxley (SOX) can access the finance database"-and the system dynamically updates network access rules based on user group membership, machine configuration, and SOX compliance levels.
Compliance
With audit requirements increasing through governmental regulation as well as internal policies, ensuring security compliance has never higher priority. The Elemental Security Platform save both time and money by reducing the of internal audits, and by decreasing the effort measuring and demonstrating compliance internal and external audit and regulatory requirements.
Designed to ensure the efficacy of controls, of the Sarbanes-Oxley Act has created many on IT departments. Meeting the requirements controls around networks and computers involves providing evidence that documented security are implemented and monitored. The Elemental Security Platform provides detailed reporting supports a comprehensive policy framework system security, manage the configuration computers on the network, and monitor compliance.
Similarly, the Gramm-Leach-Bliley Act, PCI and include provisions to protect consumers' personal As a result, all require compliance with security standards that include administrative and technical safeguards. Elemental helps provide the breadth required controls to ensure the availability, confidentiality and integrity of protected consumer data.
Meeting Business Needs for Auditable Compliance
With audit requirements increasing through governmental regulation as well as internal security policies, ensuring security compliance has never been a higher priority. The Elemental Security Platform helps save both time and money by reducing the frequency of internal audits, and by decreasing the effort of measuring and demonstrating compliance with internal and external audit and regulatory requirements.
Designed to ensure the efficacy of controls, Section 404 of the Sarbanes-Oxley Act has created many demands on IT departments. Meeting the requirements for controls around networks and computers involves providing evidence that documented security controls are implemented and monitored. The Elemental Security Platform provides detailed reporting that supports a comprehensive policy framework to ensure system security, manage the configuration of all computers on the network, and monitor compliance.
Similarly, the Gramm-Leach-Bliley Act, PCI and HIPAA all include provisions to protect consumers' personal data. As a result, all require compliance with security standards that include administrative and technical safeguards. Elemental helps provide the breadth of required controls to ensure the availability, confidentiality and integrity of protected consumer data.
Key Customer Solutions:
Managing Enterprise Security Policies - Who, What, Where & When
The Elemental Security Platform provides the first and only security policy system built from the ground up to make the state and activity of users and computers totally transparent.
Implementing Role-Based Access Controls for Systems and Users
Protecting critical resources from unauthorized systems and users represents one of the most important concerns for enterprises today. Elemental helps to ensure that any machine from which a user attempts access is subject to, and compliant with, appropriate security policies.
Discovering and Controlling Unmanaged Hosts
Elemental provides automatic discovery and profiling of unmanaged machines, which includes detailed traffic information for both managed and unmanaged computers. This enables administrators to dynamically group unmanaged machines and to deploy policies that can control the access privileges of these unknown machines.
Protecting Sensitive Data Against Compromise or Loss
Information has become highly mobile, increasing the possibility for misappropriation via a variety of pathways-from high-capacity USB media to wireless and mobile devices to instant messaging. Elemental's policy and risk management-based solution ensures that only authorized users are granted access to data, and that measures are taken at the point of use to protect data from misappropriation or tampering.
Complying with Sarbanes-Oxley
The Sarbanes-Oxley Act (SOX) requires that CEOs stand behind the IT controls involved in financial reporting. Elemental helps enterprises meet this standard by making it easier to document their controls and prove to auditors that each has been properly implemented, maintained and monitored.
Implementing the Comprehensive Health
Insurance Portability
and Accountability Act
(HIPAA)
Elemental provides a framework for deploying and enforcing policies on computing resources that store and have access to patient health care information. This comprehensive solution makes it easy for a broad range of organizations-from banks to universities to healthcare providers-to adhere to HIPAA best practices for network access control, host security configuration management, and systems and software inventory controls.
Meeting the Payment Card Industry (PCI) Data Security Standards
Elemental enables enterprises to adhere to PCI best practice security standards for building and maintaining secure networks, controlling access to cardholder data, and implementing a policy-based approach to monitoring and securing enterprise networks. The Elemental solution delivers the visibility, control, and automation necessary to protect cardholder information as well as the systems that host the applications through which it is processed and delivered.
Elemental is a trademark of Elemental Cyber Security, Inc.
All other trademarks and registered trademarks are the property of their respective holders.
© 2007 Elemental Cyber Security, Inc. All rights reserved.