Exclusive: ESP 2.0 boosts your network perception
Elemental's upgraded platform delivers simpler policy deployment and smarter agents
ESP’s ability to handle agentless hosts is still one of its most intriguing aspects. Based on information gleaned from hosts with the agent, ESP passively monitors unmanaged devices and places them into various groups. For one of my Microsoft SBS (Small Business Server) 2003 servers not running an agent, ESP categorized it as Inside (part of my locally defined network), Observed (a broad group of detected systems), and Active. ESP also recognized that it is a DNS and DHCP server and a Windows system. Based on this information, I could craft a policy that either allowed agent-installed clients to connect to the SBS 2003 server or, conversely, denied the server access to any managed host.
Policies for everyone
Gone in the new release is the Directive structure -- an intermediary step in policy creation -- used in 1.1. Policy creation is now a two-step process: Select the necessary policy and choose the group of hosts to deploy it to. This change makes the process much faster, smoother, and more intuitive.
New policy rules cover regulatory compliance, with HIPAA and PCI (Payment Card Industry) joining Sarbanes-Oxley; running processes; installed files; hardware devices, such as USB thumb drives; and CIS (Center for Internet Security) benchmarks. ESP can also check for anti-spyware -- Computer Associates, Lavasoft, McAfee, and Webroot -- and now supports Trend Micro Antivirus in addition to Symantec and McAfee.
Admins can now grant policy exceptions to specific users or groups of users on demand, or they can schedule the exceptions. This allows for stricter enforcement settings after hours, for instance, denying all traffic to secure database servers. ESP also now comes with delegated administration (read/write/deploy) and can make use of user information stored in LDAP and LDAP-enabled directories, such as Active Directory, and RADIUS as the source of local user log-ins.
The reporting capabilities in Version 1.1 were very impressive, but that wasn’t enough for Elemental. This release boasts nearly four times as many predefined reports as before, allowing quick access to compliance reports for a specific group of hosts as well as various traffic statistics. Other reports cover inventory -- hardware, software, patch level -- and remediation. A new feature allows you to schedule reports automatically -- nice for the busy admin. I found the reporting system to be straightforward to use, but figuring out how to slice the data sometimes took a while.
Last year, Elemental set the standard for providing host compliance checks and insight into network traffic patterns. Now, ESP broadens its reach to include more client and server platforms and increases the number of agents a single ESP server can handle. Still impressive are the granular policy deployment and the amount of raw information the agents report back to the server. Although ESP doesn’t control access to the wire, it does handle all other aspects of network traffic smoothly and gracefully. Elemental Security Platform 2.0 has just raised the bar a little higher.