F-Secure Policy Manager
: Multi-featured and easy to pick up – great management software.
: The Push Installation Wizard only installs F-Secure products.
: Anyone using Policy Manager will wonder how they ever coped without it.
SummarySystem administrators used to wish this sort of tool existed. The days of traipsing up three floors and pulling users off their PCs to configure the latest bit of security software are well and truly in the past, because it can all be done from the comfort of a single, centralized console.
F-Secure Policy Manager is a policy based, centralized management system for providing widely distributed security, with an administrator console for the creation and management of the corporate security policies. It consists of two components – the Console and the Server. They operate together with the F-Secure Management Agent that handles all management functions on local hosts. Both the F-Secure Policy Manager and the F-Secure Management Agent are based on the F-Secure Framework with a comprehensive security management architecture.
The package has many capabilities, but its primary function is to distribute and manage software and policies on your network. It comes equipped with FileCrypto, Distributed Firewall, VPN+ and highly-rated Anti-Virus Client Security, and once you have pushed the custom installation to all your hosts, you can reconfigure to your heart's content and apply the same changes across the board.
You are not restricted to local networks either: it offers full support for secure remote handling, and anything the user tries to change can be locked well out of their control – handy both to protect and shackle a company's more inquisitive staff.
These days, there is no excuse if it is a lot of trouble to install a piece of software, and most people get turned off having to spend an hour configuring a new system prior to its first use. Thankfully, the Policy Manager eases on to a chosen machine with minimal fuss, and we soon found that the console had an attractive and sensible interface via which to conduct business.
We started testing this product by using the Autodiscover feature to build a tree of domains and hosts. Once this is in place, the administrator can use the Push Installation Wizard to distribute the software components (F-Secure packages only) around the network.
Conveniently, install hosts need not all be part of the tree, because it is possible to specify target IP addresses. This means that, once an undiscovered host takes on a new installation, an autoregistration message is sent directly to the Policy Manager and the host can be included in the policy domain tree, thus considered policy managed.
In most setups there is an emphasis on effective data distribution, and there is a strong facility here for keeping the right files current. An example most people can identify with is virus definitions, which the Auto Update Agent grabs within two hours of publication. Naturally, virus updates are distributed around your network in minutes, and you are provided with an email alert feature to keep all interested parties abreast of any developments in your secure structure.
Of course, once all the carefully planned policies have filtered down to their target machines, there is bound to be a time when these policies will need to be changed.
And consider too the scenario in which staff have changed and left someone else to take up the reins and keep security policies current. This is where the reporting options come in: there are any number of ways to procure information about what is happening with the F-Secure products on your network. Whether you want a quick reminder of the status of Bob from accounts' Intrusion Detection Sensitivity, or a breakdown of all the virus activity in the past year, the reports are just as easily constructed and pleasingly laid out.
What's more, it is still possible to include absent desktops in your reports, because when a user connects their laptop to the network, all relevant security statistics get passed over in the background, and without the need for a single user click.
The company's 24-hour technical support line was really useful. We phoned at around 10 p.m. and got straight through to a friendly and well-informed representative who answered everything we threw at him, and even offered up several features we hadn't considered.
One of these was the concept that, if you have a special policy for a certain type of user found in many domains (for example, if you want to cruelly deny bored secretaries browsing privileges), they can be grouped together in a tree and a blanket policy pushed down to them, rather than handle each at a time. Suitably, there is a Force button to make doubly sure that adjustments are applied.
Also worth a mention are two nifty wizards, included to help smooth the progress of encryption and VPN administration. One generates file encryption master keys and the other creates X.509 certificates for your F-Secure VPN+, and both are straightforward.
All in all, the Policy Manager is an immaculate piece of work, made even better by the fact that it will cope with a mixed Windows/Linux system. To configure an enterprise's security policies and get the Policy Manager Server to distribute them to all the desktops in the office, it is just as easy to handle three as it is 3,000.