Security auditing tools

Preventsys tracks network compliance.

How can you confirm your systems are configured appropriately and maintain that configuration over time? In our tests, Preventsys Network Audit and Policy Assurance 1.5 proved to be a flexible, easy-to-use product that earned accolades as a World Class Award designee.

The growing number of security policies and regulations companies are required to follow - the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act, for example - creates high demand for policy-compliance products. But how can you confirm your systems are configured appropriately and maintain that configuration over time? In our tests, Preventsys Network Audit and Policy Assurance 1.5 proved to be a flexible, easy-to-use product that earned accolades as a World Class Award designee.

Preventsys takes the results of vulnerability assessment scans and compares them with defined policies, looking for systems that are out of compliance. By default, open source tools Nessus and Nmap are used for scanning, but many third-party products, including Internet Security Systems' Internet Scanner and eEye Digital Security's Retina, also are supported. Preventsys uses XML  at its core, so you are only limited by your ability to get your audit results in an XML format that the Preventsys product can then analyze.


How we did it Archive of Network World reviews

Subscribe to the Product Review newsletter


The system comprises three main servers: the audit, compliance and database servers. The audit server runs scans. The compliance server performs all the analysis and processing of the scan results. Users tap into the whole system via a Web-based console that's communicating with the compliance server. The database (PostgreSQL by default, but Oracle also is supported) server stores all the data, both raw and analyzed.

Preventsys shipped three Shuttle systems containing 2.4- or 2.8-GHz Pentium 4 processors, each with 1G byte of RAM for our testing, but customers only receive the software and professional services for installation. The Web interface is intuitive and easy to use. We created new users, defined networks and hosts, and launched a scan in a matter of minutes.

We were impressed with the level of detail at all configuration levels. For example, user permissions are segregated between scanning, analysis, reports, remediation updates and remediation assignment activities. This segregation, combined with definable network/host permissions, means you could tailor its security parameters to fit almost any organizational structure.

Preventsys includes an array of default policies, such as the SANS Top 20 and or your own list of e-commerce servers. A number of policies also are developed from National Security Agency and National Institute of Standards and Technology guidelines. Additional policies that Preventsys developed are included in the built-in Policy Library Update function of the product. A rollback function also is available for easy removal.

Preventsys provides several methods to create and update policies. The most direct is to modify the XML code yourself. For a more template-driven approach, the Web interface includes some policy development functionality. A third option is to use the separate Windows-based Policy Lab application that Preventsys provides to design and create new policies.

Preventsys can be configured in a number of ways, support myriad scan reports in XML and run any policy created against any scan data. A strong feature is the ability to re-analyze scan data, meaning you can run a policy comparison against scan data at any time. This works great for those companies that have specific windows for systems scans, but might need to check new policy compliance at any time.

Reporting is another strong point of Preventsys. The system includes a number of default reports, including executive summaries, compliance, trends, remediation tasks and individual network/ host reports. Each report can be published so it is easily accessible through the administration interface. Additionally, reports can be exported to a PDF and saved offline.

Preventsys Network Audit and Policy Assurance System 1.5

RATING

4.9
Company: Preventsys, (760) 268-7800 Cost: Ranges from $65,000 for 1,000 nodes to $375,000 for 20,000 nodes. Pros: Highly customizable with XML infrastructure; excellent user interface; ability to analyze multiple policies with one set of scan results. Cons: Pricey.
 
Ease of use/flexibility 25%  5.0
Reports 25%  4.8
Policy development 25%  5.0
Remediation 25%  4.8

TOTAL SCORE

4.9
 
Scoring Key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Consistently subpar

Preventsys has integrated the ability to calculate your financial risk. When defining assets within the system, you can enter the cost of the system in terms of the price of the machine or the value of the data on that machine. These numbers are used during the report-generation phase to calculate various risk levels if either the machine or its data is compromised.

Remediation assignments - where you define who on your staff is responsible for fixing certain vulnerabilities - are easily managed through the system. Because Preventsys supports a number of different tools, you can hand out remediation assignments for vulnerabilities detected from multiple scanners from this central place. Once assigned, the assignee then can update the task with the results of their investigation and note any action taken as a result.

Preventsys also can include a wireless module that will analyze a wireless infrastructure for security weaknesses. We did not test this module.

Overall, Preventsys provides a strong central control point for vulnerability analysis, policy compliance, remediation tracking and reporting. With the growing list of security requirements, centralized policy compliance reporting eases the job of security managers.

Learn more about this topic

Andress is president of ArcSec Technologies, a security company focusing on product reviews and analysis. She can be reached at mandy@arcsec.com.

NW Test Alliance

Global Test Alliance

Andress is also a member of the Network World Global Test Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Test Alliance information, including what it takes to become a member, go to www.nwfusion.com/alliance.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2004 IDG Communications, Inc.