March 31, 2006

Exclusive: ESP 2.0 boosts your network perception

Elemental's upgraded platform delivers simpler policy deployment and smarter agents

System admins used to only dream about knowing exactly which devices were on their network and controlling what resources those devices were accessing. There has been an explosion of products announced and released during the past few months aimed at providing this highly sought view of traffic flows and hosts, as well as tools to enforce network policies. One of the more mature solutions is ESP (Elemental Security Platform) 2.0.

ESP takes all of the good features in the previous release and adds more scalability and platform support, simpler policy deployment, and an even longer list of built-in reports. The entire system is very dynamic, constantly providing IT with updated information on known and unknown hosts. ESP still requires a software agent to be installed on all managed hosts, but as in the previous release, it allows for granular control even over unmanaged devices.

The latest Elemental version comes with a new name but the same laser-sharp focus. The name change from Elemental Compliance System to Elemental Security Platform is not by chance. Version 2.0 is poised to be more of an underlying security infrastructure, providing host assessment and policy information to other systems.

Elemental has a strategic partnership with Cisco that allows it to work with NAC (Network Admission Control)-enabled policies and to define the compliance threshold for network admittance. ESP doesn’t take control of the wire, as does Cisco’s NAC, but it does control everything that runs on it.

Also new, ESP can now handle as many as 10,000 agents on a single ESP server, up from 4,000 in the previous release. The server now also runs on Solaris 8/9/10 and RHEL (Red Hat Enterprise Linux) 4.0. Admins will still have to supply their own Oracle 9i or 10g Enterprise Edition database to handle information storage and retrieval. A dual-processor server with 2GB of RAM and 200GB of disk space is a good starting point for the ESP server.

Agent up

Admins install software agents on the servers and host devices they want to actively manage. These agents can either be pushed out using a software distribution system or be installed from a network share or CD. Once installed, the agents “phone home” to the ESP server, reporting back information such as host name, IP and MAC (media access control) address, OS version and service pack level, network configuration, CPU and other hardware information, as well as what hosts the client is connected to.

All the data gathered by the agents is used to dynamically place the device in any number of groups. Admins can create different security policies to apply to hosts based on their group membership. Even in my simple test scenario, each server and client ended up in four or five different groups. Elemental provides a large number of predefined groups, and admins can create custom group definitions to meet specific needs.

The latency I saw in the previous release associated with policy deployment and enforcement is nearly erased in 2.0, now that policies are pushed out to the agents.

The agent also has a built-in packet-filter engine that allows ESP to enforce “no connection” policies to hosts. For example, I had a policy that forbade hosts in the accounting group from having any connection with hosts in other groups. No special network hardware is needed; the agent handles everything.
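
The group placement and "no connection" enforcement described above can be modeled in a few lines. This is an added sketch, not Elemental's code or policy language: the group names, predicates, subnet, host records and the agent_verdict function are all constructed for illustration, and it assumes the policy means an accounting host may only talk to other accounting hosts.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    """Attributes an agent reports (a subset of those the review lists)."""
    name: str
    ip: str
    os: str
    service_pack: int
    managed: bool = True   # False: no agent installed on this device

ACCOUNTING_NET = ipaddress.ip_network("10.1.20.0/24")   # constructed subnet

# Constructed group definitions: group name -> predicate over host attributes.
GROUPS = {
    "accounting": lambda h: ipaddress.ip_address(h.ip) in ACCOUNTING_NET,
    "windows": lambda h: h.os.startswith("Windows"),
    "missing-sp2": lambda h: h.os == "Windows XP" and h.service_pack < 2,
    "unmanaged": lambda h: not h.managed,
}
ISOLATED_GROUPS = {"accounting"}   # groups under a "no connection" policy

def groups_for(host):
    """Recomputed on each call, so membership follows the reported attributes."""
    return {name for name, match in GROUPS.items() if match(host)}

def agent_verdict(local, peer):
    """Decision the packet filter on `local` makes for traffic to or from `peer`."""
    if not local.managed:
        raise ValueError(f"{local.name} runs no agent, so nothing is enforced there")
    local_groups, peer_groups = groups_for(local), groups_for(peer)
    for group in ISOLATED_GROUPS:
        # Isolation is symmetric: drop when exactly one side is a member.
        if (group in local_groups) != (group in peer_groups):
            return "drop"
    return "allow"

# Constructed sample hosts.
ACCT_WS = Host("acct-ws1", "10.1.20.15", "Windows XP", 1)
ACCT_SRV = Host("acct-srv", "10.1.20.5", "Windows Server 2003", 1)
ENG_WS = Host("eng-ws1", "10.1.30.8", "RHEL 4", 0)
ROGUE = Host("unknown-laptop", "10.1.30.99", "unknown", 0, managed=False)

if __name__ == "__main__":
    for peer in (ACCT_SRV, ENG_WS, ROGUE):
        print(ACCT_WS.name, "->", peer.name, agent_verdict(ACCT_WS, peer))
```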

Test Center Scorecard
Criterion weights: 25%, 20%, 20%, 15%, 10%, 10%
Elemental Security Platform 2.0 scores: 10, 9, 9, 9, 9, 9
Overall score: 9.3 (Excellent)

©1994-2009 Infoworld, Inc.