New Boundary and Elemental provided preconfigured servers running their management components. We installed the management components of all the other products on Windows 2003 servers with 3-GHz processors and 1GB RAM. We used VMware Workstation to support multiple products on the same server.

We first tested agent deployment and the products' ability to connect to hosts with agentless technology. We had a test bed of 10 hosts, comprising Windows XP, 2003, 2000, Linux and Solaris. We ran discovery scans to identify systems not running the necessary agent and deployed agents using the product console, if possible.

We reviewed out-of-the-box compliance policies for the regulatory standards and best-practice configuration guidelines of the Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley legislation, and the National Institute of Standards and Technology. We launched scans of our test systems with some of the default policies and reviewed the results.

We then tested the products' ability to customize default templates and configure custom checks. We created checks to ensure Sophos Anti-Virus and the Windows firewall were running and Google Desktop's search-across-computers feature was not enabled. We checked Windows patch compliance, values in several registry keys, password settings and user account status on Windows 2003. For the Linux and Solaris systems, we evaluated several configuration checks and installed patches.

To assess the products' access-control features, we created several users with different permissions. We also attempted to create a user who could view only reports, ideally through a Web interface.

When issues were identified during compliance checks, we read through the resulting report to see what information was provided on the identified issue and how to correct it. We then tested the products' autoremediation functionality.

For reporting, we looked for the products' ability to export reports into multiple formats and autodeliver to a defined e-mail address after a scheduled policy check. We attempted to create a delta report showing the specific changes made to a system over a period of time. We also looked for a product audit trail that showed which users performed what actions within the system.

< Previous: Preventsys offers twist | Conclusion: Conclusion >

Whitepapers

• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology
• Vulnerability Management For Dummies

View more SECURITY whitepapers

Webcasts

• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports