Content

Policy management 2006

These days, networks, applications and their security have become quite a complex affair. There are all sorts of angles: access control, device configuration and protection, vulnerability scanning and remediation, policy creation and enforcement, regulatory compliance, intrusion detection, patch management and many other factors. All of these must be taken into consideration with respect to contemporary IT networks, and this trend is likely to continue.

Fortunately, recognition of this reality at board level has been more forthcoming in recent years, releasing resources for this critical area of operations. At the same time, we have seen the development and refinement of many useful tools and utilities to help take some of the laboriousness out of the work involved. In short, we are getting to grips with the perennial question of network security like never before, although, of course, we must never be complacent as, in many respects, the ultimate goal is something of a moving target, with new potential threats developing all the time.

Furthermore, network security administrators have a continuing task in keeping up to date with such developments, as well as the available technology with which to address them, which is also changing all the time. This "moving picture" has, of course, implications for an organisation's technical architecture, as changes in one area often have a knock-on effect in another. One must therefore choose such tools carefully and periodically review their fit within the general IT architecture and prevailing situation. Clearly, flexibility within such tools and how they might be deployed will be an important factor in this context. Similarly, an intuitive configuration, ease of deployment and general inter-operability will prove important as networks develop to accommodate ever changing IT estates and associated business requirements.

In this group test, we have a mixed bag of interesting products, including tools to protect wireless LANs, solutions to unify access across disparate operating systems, comprehensive network security models, utilities to review access entitlement across the enterprise, products that offer a simple security solution for small to medium-sized enterprises, tools to undertake vulnerability scanning and tools for policy management. Indeed, this assortment covers a fairly broad spectrum of potential situations and requirements. All of these products are genuinely useful and will deliver what they promise if configured and deployed properly.

The question for many will be: where do we stop? Any such tool brought into the organization will have its own, ongoing support issues and costs, and may add complexity to the overall deployed product portfolio and technical architecture. Security professionals must therefore be selective as to which functions they really need and how to provide them.

It may be that they can best achieve functionality in certain areas from within their own skills base, keeping things in-house and tightly managed, while for other functions, a purpose-designed tool might prove more suitable. They may already have certain tools in place that are working satisfactorily and whose functionality need not be duplicated.

In virtually all cases, it would be pertinent to develop an overall view and associated ongoing strategy, in order that products such as those featured here may be slotted in as and where necessary in order to meet a defined objective. This is, after all, the essence of good management. So how do these particular products stack up in this respect?

All of these test subjects had something interesting to offer in one way or another. We were particularly intrigued by the single-mindedness of approach of the Airmagnet Enterprise 7 and its focus on the protection of wireless LANs, as we appreciate that this is an area of concern to many. The Centrify Direct Control product will be especially welcomed by those seeking a unified and manageable access control approach across Unix, Linux, Windows and Mac clients.

The ID-Certify product will no doubt be welcomed with open arms by many struggling with regulatory compliance issues. The Security Center Lite product will introduce many to vulnerability scanning who may not have otherwise ventured into this area. The Solsoft Policy Server and Lockdown enforcer will similarly find ready homes, and the Global Command Center offers comprehensive network protection, scalable for large enterprises and capable of fine levels of control. They are all worthy products, deserving of a closer look by those seeking such functionality.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.