Review: Fully Seen, Fully Secured

More specifically, the end-point security management software's scanning produces information on processes, applications, startup commands and toolbars that are being used. The tool also can identify services and applications that are not permissible or fall outside registered software licenses. In addition, Spectator can identify missing services and unapplied service packs.

Spectator arrives with some network change management capabilities, such as hardening registry values by controlling and reverting registry entries if unauthorized changes are made. If a malicious program tries to change registry values, Spectator will automatically change all the registry settings back. Spectator also supports Microsoft Windows Vista.

When downloading a Promisec evaluation, make sure to obtain a license key. The company does not have a standard time-based license for Spectator Professional on its Web site. The software works on Windows NT and above, so CRN Test Center engineers installed it on a Windows 2003 server. If .NET is not already installed, the product installation will install .NET Framework 2.0.

Port 445 must be open for administrators to gain remote access to end points. Remote registry and file and print sharing must be active on all end points. Remote procedure call access also needs to be enabled.

The software is simple to use when connected to Microsoft Active Directory. Spectator 3.1, the version available at review time, did not support access to end points when running a Windows server in stand-alone mode, unless the Spectator server and all end points were running with the same authentication credentials. Spectator 3.2 fixed that limitation.

Spectator is agentless, so setup takes minutes. Engineers used a stand-alone Windows 2003 server and were not able to scan any machines with version 3.1. Engineers received "access denied" messages even after matching authentication credentials. They experimented with levels of access to remote shares but were not successful. Even with administrative privileges, engineers could not complete the scan. Users need to have the same authentication in order for the system to recognize them.

Version 3.2 can use different authentication credentials. With the help of Promisec, engineers were able to set up new user names to log onto end points. This version arrives with a credentials management feature that uses host credentials without having to access Active Directory.

The credentials have to be created in a group rather than individually, unless there's a single authentication credential being used on a network. The pane is a little confusing because administrators are given both options without a clear-cut way of differentiating between adding single users and using credentials in a group.

On the left-hand side of its workspace pane, Spectator displays all the machines that are being inspected. Spectator provides options for connection through single IP addresses, IP ranges and computer names. After selecting the machines, Spectator displays the items on the left pane. Administrators can also import files with IP addresses.

To select users, administrators can either import host files from Active Directory or use a dynamic import that integrates with it. Every time Spectator runs automatically, it will contact Active Directory to collect new end points or those that have been switched off.

On the right-hand pane, Spectator provides a database of programs and services it can scan. The database is listed by categories such as peer-to-peer applications, service packs, remote control applications and accessible hardware devices.

The inspections are listed alphabetically, allowing administrators to quickly find the scanning options that are enabled and disabled. The scans are categorized, so administrators can work with them in groups. Engineers found the list of P2P applications to be comprehensive.

Promisec's research department constantly scours the Internet looking for new trends in each category. If an item is not listed in Spectator, administrators can customize it with a user-defined module. The module allows administrators to type the name of any application, and Spectator will look for it.

Spectator is able to identify Bluetooth, network, wireless and modem cards that are available. If the wireless cards have the same IP address as some network cards, then administrators can tell whether the cards are being used simultaneously. This feature can identify simultaneous connectivity between private and public networks. Administrators can see if intruders are trying to break down the barriers between private and public networks.

If an intrusion is detected, Spectator can shut down the service remotely. It can also identify removable storage devices, even if they have been unplugged before a scan. If a device is brought back, Spectator is able to identify it. In addition, it can identify any software that synchronizes with hardware devices, including music managers.

Spectator can remove the drivers remotely for the devices. It is not, however, able to block access to the devices. If a company has standardized on BlackBerry devices, then administrators can turn off the scans for those devices.

Changes are made on the fly, so administrators do not need to make manual corrections. Applications that are not registered cannot be removed. Some new applications such as Skype VoIP software cannot be uninstalled at this time.

According to Promisec, more than 90 percent of Spectator sales go through its cadre of channel partners. The company offers solution provider margins that range between 25 percent and 35 percent. Evaluation and audit licenses are available to partners, and the evaluation licenses are available at no charge.