Exclusive: ESP 2.0 boosts your network perception
Elemental's upgraded platform delivers simpler policy deployment and smarter agents
System admins used to only dream about knowing exactly which devices were on their network and controlling what resources those devices were accessing. There has been an explosion of products announced and released during the past few months aimed at providing this highly sought view of traffic flows and hosts, as well as tools to enforce network policies. One of the more mature solutions is ESP (Elemental Security Platform) 2.0.
ESP takes all of the good features in the previous release and adds more scalability and platform support, simpler policy deployment, and an even longer list of built-in reports. The entire system is very dynamic, constantly providing IT with updated information on known and unknown hosts. ESP still requires a software agent to be installed on all managed hosts, but as in the previous release, it allows for granular control even over unmanaged devices.
The latest Elemental version comes with a new name but the same laser-sharp focus. The name change from Elemental Compliance System to Elemental Security Platform is not by chance. Version 2.0 is poised to be more of an underlying security infrastructure, providing host assessment and policy information to other systems.
Elemental has a strategic partnership with Cisco that allows it to work with NAC (Network Admission Control)-enabled policies and to define the compliance threshold for network admittance. ESP doesn’t take control of the wire, as does Cisco’s NAC, but it does control everything that runs on it.
Also new, ESP can now handle as many as 10,000 agents on a single ESP server, up from 4,000 in the previous release. The server now also runs on Solaris 8/9/10 and RHEL (Red Hat Enterprise Linux) 4.0. Admins will still have to supply their own Oracle 9i or 10g Enterprise Edition database to handle information storage and retrieval. A dual-processor server with 2GB of RAM and 200GB of disk space is a good starting point for the ESP server.
Admins install software agents on the servers and host devices they want to actively manage. These agents can either be pushed out using a software distribution system or be installed from a network share or CD. Once installed, the agents “phone home” to the ESP server, reporting back information such as host name, IP and MAC (media access control) address, OS version and service pack level, network configuration, CPU and other hardware information, as well as what hosts the client is connected to.
All the data gathered by the agents is used to dynamically place the device in any number of groups. Admins can create different security policies to apply to hosts based on their group membership. Even in my simple test scenario, each server and client ended up in four or five different groups. Elemental provides a large number of predefined groups, and admins can create custom group definitions to meet specific needs.
The latency I saw in the previous release associated with policy deployment and enforcement is nearly erased in 2.0, now that policies are pushed out to the agents.
The agent also has a built-in packet-filter engine that allows ESP to enforce “no connection” policies to hosts. For example, I had a policy that forbade hosts in the accounting group from having any connection with hosts in other groups. No special network hardware is needed; the agent handles everything.
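The grouping and "no connection" behavior described above can be modeled in a few lines. This is an added example, not Elemental's code or policy syntax; the attribute names, group names, and isolation rule are assumptions, and the sample hosts are constructed.

```python
# Illustrative model of attribute-driven groups and a "no connection" policy.
# Attribute names, group names and the rule format are assumptions, not ESP's schema.
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    name: str
    managed: bool = True   # False: no agent installed, attributes unknown
    os: str = ""
    dept: str = ""
    role: str = ""

# Each group is a predicate over what the agent reports, so one host
# can land in several groups at once.
GROUPS = {
    "accounting": lambda h: h.managed and h.dept == "accounting",
    "windows": lambda h: h.managed and h.os.startswith("Windows"),
    "servers": lambda h: h.managed and h.role == "server",
    "managed": lambda h: h.managed,
    "unmanaged": lambda h: not h.managed,
}

# Members of an isolated group may only talk to other members of that group.
ISOLATED = {"accounting"}

def groups_of(host):
    """Recompute membership from current attributes (membership is dynamic)."""
    return {name for name, pred in GROUPS.items() if pred(host)}

def allow(local, peer):
    """Packet-filter decision for a connection between local and peer."""
    lg, pg = groups_of(local), groups_of(peer)
    # Deny when exactly one endpoint belongs to an isolated group. Sharing
    # other groups (e.g. "windows") does not override the isolation rule.
    return all((g in lg) == (g in pg) for g in ISOLATED)

# Constructed sample hosts.
ACCT_PC = Host("acct-pc-01", os="Windows XP", dept="accounting", role="client")
ACCT_DB = Host("acct-db-01", os="Solaris 10", dept="accounting", role="server")
WEB = Host("web-01", os="Windows Server 2003", dept="it", role="server")
ROGUE = Host("unknown-laptop", managed=False)

if __name__ == "__main__":
    for a, b in [(ACCT_PC, ACCT_DB), (ACCT_PC, WEB), (ACCT_DB, ROGUE), (WEB, ROGUE)]:
        print(f"{a.name} <-> {b.name}: {'allow' if allow(a, b) else 'deny'}")
```

Because the accounting predicate requires a managed host, the agent on the accounting side is always present to enforce the deny, including against an unmanaged peer.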