Going above and beyond

Feb 27, 2006 | 4 mins

Selected by five Network World contributors, these category-breaking products raise the bar with their novel approaches to solving today's enterprise challenges.

The category breaker: Elemental Security’s Elemental Compliance System 1.1

Selected by Dave Kearns, independent consultant, “Identity Management” and “Windows Networking Strategies” newsletter author

What makes this product so special? Last fall, in the Windows Networking Strategies newsletter, I waxed rhapsodic about what I saw as the end of the traditional firewall, defined as a fence around our network, or a fortress to keep out the bad guys, typically built around the enterprise’s internal network. The border has all but disappeared, as connections are made (and dropped) rapidly by all sorts of devices situated in all sorts of places. What was needed, I said, was a new class of service – a “firedoor.” This would be a proactive and reactive service that could respond to threats as needed without blocking legitimate traffic. It was a new category, but there was one contender for the niche, the category breaker – Elemental Security.

I speculated that a firedoor should react to anomalous activity that may be intended to harm the network or the organization by creating an isolation area where all of the potentially malicious packets are quarantined. But the firedoor should quarantine by event, providing separate areas for each attempt to breach security. The firedoor would then respond to the potential threat by sending back legitimate packets as expected. It not only would alert security personnel and log actions (just as firewalls do) but also would begin the forensic process to trace the attack as well as its source. In other words, firedoors are active while firewalls are passive. You also could say firedoors are firewalls coupled with policy-based computing.

Elemental Security, a recent start-up, aims to make policy-based computing (typically concerned with user activity) easier to implement and monitor. It also makes it more all-encompassing, as it provides the ability to monitor hardware and users from the same box.

Elemental wants to be the fuel that powers your network. That’s a pun, because the essence of its offering is Fuel, a scripting language for policy writing. Guido van Rossum, who created the Python language, developed Fuel for Elemental Security. It’s an English-like (in words and syntax) language that lets you express policy in constructs such as “Engineering cannot talk to HR Servers,” in which engineering is an Active Directory group and HR Servers could be Windows boxes, Linux servers or Solaris hosts – or any combination of them.

Elemental Security supports a wide range of hardware devices and understands the policy languages of all of them. It also can translate among them, so the simple English phrase you write is quickly and effortlessly converted into a policy that’s understood on every platform.

Groupings can be done dynamically – no need for manual policy updates. In addition, policy-driven packet filters can enable dynamic network access-control lists and autodiscover new machines – and immediately apply the necessary policies.

A key component of a firedoor is anomaly detection and the resulting enforcement. Because of Elemental’s policy-based, host-level approach, the system readily exposes usage anomalies in terms of network activity for a host or group of hosts by reporting on traffic volumes for ports, protocols and specified destinations (IP or URL/FQDN). In addition to network traffic, Elemental can monitor the inventory of the hardware and software on a host. Anomalies are detected if unapproved applications, such as instant messaging, or hardware devices, such as removable data devices, are in use.

The Elemental package also would make a good addition to your suite of regulatory compliance products. Knowing not only who did what, but who could do what (by a thorough examination and reporting of policies), is integral to such regulations as the Sarbanes-Oxley Act. That’s so important in today’s enterprise that Elemental refers to its product as a security compliance manager – but it’s really a firedoor.

Who’s using it? Among the enterprises that have implemented the Elemental Compliance System are Catholic Health System, John Wiley & Sons, Marshall BankFirst and Purdue University.

How much will it cost the enterprise, on average? Elemental Security licenses the product by server and agents (i.e., connectors to managed services and devices). The price for one server and 500 agents is $100,000; bulk pricing is available and most installations will vary.
