Symantec ESM comprises all required enterprise compliance components

Product excels in reporting and issue description but is not easy to use.

Symantec's Enterprise Security Manager (ESM) comprises all required enterprise compliance components, excels in reporting and issue description but is not easy to use.

ESM consists of a central SQL Server database, a manager software component that controls communication with agents, an administration console and server agents.

With Symantec's recent acquisition of Bindview and its flagship bv-Control products (renamed by Symantec as the Control Compliance Suite [CCS]), ESM will be picking up agentless capabilities in a release this summer. In that new release CCS responses will report in to the ESM console. For this test, we evaluated ESS and CCS as separate pieces, which contributed to our perception of its overall ease of use.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Symantec's Enterprise Security Manager (ESM) comprises all required enterprise compliance components, excels in reporting and issue description but is not easy to use.

ESM consists of a central SQL Server database, a manager software component that controls communication with agents, an administration console and server agents.

With Symantec's recent acquisition of Bindview and its flagship bv-Control products (renamed by Symantec as the Control Compliance Suite [CCS]), ESM will be picking up agentless capabilities in a release this summer. In that new release CCS responses will report in to the ESM console. For this test, we evaluated ESS and CCS as separate pieces, which contributed to our perception of its overall ease of use.

For agent deployment, standard enterprise deployment tools such as Microsoft's SMS are recommended. Individual agents can be deployed from like operating system managers, meaning that Windows agents can be deployed only from a manager running on a Windows system, or Linux agents only from a manager running on a Linux system. Discovery runs can be scheduled from within the ESM console to identify systems on the network not currently equipped with the ESM agent.

ESM policy creation is confusing, even if you are already accustomed to Symantec products. Policies consist of modules, within which are checks - specific parameters assessed for compliance - that are based on templates defining such features as registry and service checks. We walked through this process with a Symantec representative in the initial configuration, but were unable to replicate the process easily when we created additional checks for the test. Additionally, compliance checks took the longest to run of any product we tested.

ESM's reporting is the best of the bunch tested - even the delta reports were very valuable. However, the reports are available only in HTML and have no customization options. To resolve this issue, Symantec worked with Cognos (a company specializing in data analysis and reporting) to develop ESM Enterprise Reporting, a separate component included with the purchase of ESM. This add-on makes it possible to create fully customizable reports and save them in a multitude of formats.

Access control is detailed and can be defined down to specific checks that can be run by authorized administrators within specific domains.

Symantec's DeepSight vulnerability-alert content is bundled with ESM; it provides detailed information on security issues and how they should be addressed within the network, but offers minimal autoremediation capabilities. This information is the best of all the products we tested.

As noted above, Symantec and NetIQ are the only vendors offering automated policy and configuration updates. In Symantec's case, the updates are pushed out via its LiveUpdate infrastructure.

< Previous: NetIQ | Next: Configuresoft >

Read more about security in Network World's Security section.