Supplier Pedestal Software, Inc.
$495 (server), $30 (workstation)
Requires no agents and allows groups to share common rules as necessary, while ensuring specific rules apply to user groups when required. Easy to install.
Doesn't employ user tutorials to ensure policy is understood.
Security Expressions provides a useable solution to the problem of policy management and enforcement.
Policy enforcement is only as good as your management system allows, so a serious vulnerability could go unnoticed without prior knowledge of the problem.
Security Expressions allows deployment using no-agent technology to ensure that, once installed on either Windows NT or 2000 systems, the administrator can add machines within a group, that are required to adhere to the policies that pertain to that group.
Servers and workstations may have common rules that apply to them all, but they may also have specific rule sets that only apply to their particular group.
Installation is typical of Windows with the usual wizard-based walk through requiring 32Mb of RAM and 20Mb of disk space. Policies may be either pre-defined or customized to suit individual needs but, to initiate Security Expressions and get it working, you can utilize the security information file (SIF) which deploys predefined policies.
These simple text files can be modified or written for particular needs, and provide the ability to scan all networked machines. The Explorer- interface makes the resulting reports easy to read.
All of this is achieved from a centralized console used to manage your users, and provides a scaleable and achievable policy enforcement that limits human error in the equation. Patches can be automatically applied so that your systems are less vulnerable to attack, and by scanning your networked machines simple security breaches can be terminated. Audit trails can be achieved and security fixes can be accomplished on one workstation or the entire network.
This software is extremely easy to get to grips with and allows you to get your security policies working from day one while having the ability to re-write or instigate newly written policies over a period of time. Changing configuration settings, locking down systems to exact compliance or making individual changes to settings are all achievable.
Rather than waiting to find a problem after the event you have the ability to scan all network resources for compliance.
This provides information on vulnerabilities, allowing fixes to be made before any security holes become obvious through apparent breaches.