Product Details
Product Rating
Audit (2003)
Keeping tabs on what hardware and software you have within your organization is more than just good practice, it can also save you money. By Rene Millman
Looking after an organization's assets, especially when they contain vital data, is essential. If it goes astray or is no longer visible to a systems administrator alarm bells should start ringing. Information on computers that house critical data is key to maintaining a secure organization, and will help in sustaining data protection policies.
An eye on your assets
Also important for a company's financial health is the ability to keep track of licensed software. This is for two reasons. First, the cost of unlicensed software is high - if you get caught you will be fined heavily. Second, software is often bought and then left on the shelf, making for a rather expensive bookend.
We put auditing software under the microscope this month and results of these tests really show a mixed bag of results with many products doing the same job for different operating systems.
Some products are aimed at inventory fraud analysis and security management auditing. Having an internal database logging the software and hardware in use within your organization does this. That way the system administrator can monitor what is installed where (and that includes software installed by users themselves) and take appropriate action before a visit from one of the anti-software piracy organizations takes place.
Many products have a variety of means by which to do the job. Most of them involved a client-server relationship where software installed on the client communicated with a central repository and sent details of what the device was and what was installed on it. For most this meant manually installing the software on the client, running logon scripts or configuring policies to pull client software onto the machine to be audited.
There were a couple of applications that sniffed around the network looking for clients and then pushed the software on to them. We felt this made the job of auditing a lot easier and was truer to the definition of automated auditing.
Once installed most of the packages could be made to communicate with clients on a daily basis and some were easily configured to run daily checks to make sure that equipment was still in the building. Virtually all included a questionnaire function to get other information, such as the computer user, department and phone numbers. etc., which could not be easily gained through a straight automated audit.
Multi-platform support
Some packages offered to only audit Windows-based PCs, while others took a broader view and offered client support for Macs, Linux and Unix systems. KeyServer and Centennial did well in multi-platform support.
Another facet to the test was ease of use. Auditing can be a grindingly boring task at the best of times, so anything to get the whole process over and done with, and without too many difficulties, was going to get extra marks. This incorporates the ability to bring up the right information at the right time (i.e. now) and get answers to those questions from senior management fast.
Some, like Centennial, made auditing almost a joy to complete, with its straightforward approach to the task in hand. Others, meanwhile, took longer to get to grips with the task and are probably aimed at massive corporations with highly skilled technicians who relish a challenge.
Performance is a minor issue as none of the products caused any major network bandwidth problems while running the test, although some did take a long time to report back on their findings.
Reporting is another item to consider. Again, when answers to questions from senior management are needed, there is nothing better than lots of figures and graphs on a piece of paper to show what is what.
Cost-efficient reporting
Most products could pour out a lot of data to reporting tools, such as Crystal Reports, but others, such as Tally Systems TS Census, offered up web reporting as well which we thought was not just an incredibly cost-efficient way of displaying report data, but also pretty cool and something that should be considered by the rest of the competition.
Where data is stored about what your organization has was another consideration. Most offered a choice of outputting data to either Microsoft's SQL Server (or a version of it), Oracle or Access. This is important as the data collected needs to be managed in a way that accommodates the enterprise's computing platforms. All products had to keep a clear audit trail of what was happening to allow forensic analysis, should anything be deemed suspicious.
A couple of products in this Group Test deviated from plain inventory auditing. Pentana did an excellent job of making sure that an organization has done everything in its powers to address security aspects surrounding
