ESM6: An Innovative Security Timesaver

As the name implies, Enterprise Security Manager (ESM) offers busy administrators a comprehensive method to manage the security environment of their enterprise networks. CRN Test Center engineers evaluated ESM in a real-world enterprise environment to ascertain the value the product offers to security-conscious administrators.

FRANK J. OHLHORST

Technology Editor

ESM functions via a three-tier model. The primary components of the software suite consist of a console, manager application and software agents. All of the primary action takes place with the manager application, which acts as both a central repository for gathered data and as a policy engine to assist with security remediation procedures. Each manager implementation can support as many as 300 consoles and 2,000 agents, which translates to 300 IT staffers managing 2,000 systems.

Software agents perform ESM's grunt work. Agents are installed on each managed system and are available for all flavors of Microsoft Windows, Novell NetWare, Linux and other operating systems. The agents can be pushed out via the manager or installed as part of a login script procedure. Properly deployed agents are key to ESM's functionality; the agents are responsible for examining each system and comparing the system's configuration against defined baselines as dictated by implemented policies. Consoles are used to define policies and control the manager application, which in turn controls deployed agents.

Solution providers will find the browser-based console straightforward to use, with policies easy to create and modify. Furthermore, ESM offers tiered security, where the product's users are defined and rights assigned. ESM employs its own user security database independent of any existing network security schemes already in place, which is a slight disadvantage for those looking to unify security under LDAP, NDS or Active Directory.

SYMANTEC ENTERPRISE SECURITY MANAGER 6.0

CRN Test Center Recommended

Security threats change on an almost-daily basis, with new vulnerabilities being discovered frequently and new attacks created to leverage operating system shortcomings. To combat those problems, ESM relies on Symantec's live update technology, an Internet-based service that can automatically download vulnerability updates and deploy those updates to agents and managers.

The real magic of the product lies in the robustness of its policies, which administrators can create to drill down to specific operating system settings. For example, policies can be created to examine particular registry settings in an operating system or determine what patches have been installed.

Furthermore, policies can control who can do what on a particular system, ranging from application installations to the ability to change environment settings or registry entries. Although ESM has those capabilities, the product is designed as a management tool, not an automated remediation system, and so discovered security concerns or systems that do not adhere to defined policies must be remediated manually by the security staff.

ESM employs a novel approach for easing management chores by having groups of agents that can be divided into virtual domains. Administrators can define what agents fit in a particular group using filters. That allows security groups to be defined based on any number of elements, further dividing managed systems by critical selections such as installed operating systems, enforced policies or even policy exceptions. That makes remediation and deployment tasks much easier.

Administrators will come to rely on the product's reporting capabilities to build remediation projects, knock lists or action items. Simply put, administrators will run a reporting job to build a list of what does not meet the implemented policies, and administrators can work from that report to budget remediation tasks or hand off those tasks to a separate remediation application.

Solution providers will find ESM a powerful tool for normalizing security in an enterprise environment. The product's primary strengths include scalability and multiple operating system support, which are both key to success in heterogeneous enterprise networks. While ESM serves well as a powerful management tool, solution providers may need to bundle ESM with remediation tools or services to build a complete solution for pressing security demands.

CHANNEL PROGRAM SNAPSHOTS
SYMANTEC ENTERPRISE SECURITY MANAGER 6.0
PRICE: $1,200 per server
MARGIN: 33 percent
DISTRIBUTORS: Direct from vendor
TECH RATING:


CHANNEL RATING:

CHANNEL OVERVIEW: The two-tier channel program of Symantec, Cupertino, Calif., provides varying amounts of leads, technical support, discounts and support from company engineers based on a partner's sales volume. Field-based systems engineers assist in integrations and make joint sales calls. Symantec's partner Web site includes a co-branded marketing program and training resources.

Note: Vendors can earn up to five stars for technical merit and five for their channel program. If the average of these two scores is four stars or greater, the product earns CRN Test Center Recommended status.