by Mandy Andress, Network World Lab Alliance

Pedestal aids in security enforcement

Jul 12, 2004 (4 min read)

No corporate security policy is effective without enforcement, and enforcement requires compliance checks. Pedestal Software’s SecurityExpressions 3.1 is an agentless product that audits systems based on a pre-defined set of rules, letting organizations easily identify computers and other devices that do not conform to a defined corporate security policy.

In our tests, we found that its flexibility and ease of use make this product a strong tool for automating security compliance reviews in an enterprise network.


The SecurityExpressions installation is a simple process that uses the standard Windows installer technology. Once installed, it can be used as-is, with a stand-alone console that can reside on just about any Windows system. Or you can use distributed consoles and have all data logged to a central database. SecurityExpressions is easily configured to record data into an Open Database Connectivity enterprise database, such as Oracle.

SecurityExpressions’ value lies in its security policy (.sif) files, which are the mechanism that lets organizations automate security policy compliance checks. SecurityExpressions includes .sif files that encode security best practices and guidelines published by Microsoft, The SANS Institute, The National Institute of Standards and Technology, The National Security Agency and the Department of the Navy. These policy files check registry keys, file permissions and account passwords against the set policies. Additional .sif files reflecting other policies, such as SANS Linux guidelines and Windows Service Packs, are also available online for free to registered customers.

Within the console, administrators can view the details of each specific check the policy files perform. SecurityExpressions is very flexible in that these checks can be modified to fit an organization’s requirements. They also can be copied to a new policy file if an administrator wants to create a custom policy. Administrators can import a Windows Group Policy file that SecurityExpressions then can translate into a .sif file for audit checks.

SecurityExpressions audits Windows systems using Windows networking facilities such as admin shares and the remote registry service. SSH Version 2 connections are used for Unix/Linux systems, where authentication can be standard password authentication or RSA public-key authentication. An agent is available for systems with stricter security requirements, such as those that cannot run remote registry or file sharing. The product also can schedule audits to run automatically.

In addition to auditing, SecurityExpressions includes remediation functionality to fix identified issues or systems not in compliance with a defined policy. These fixes can be easily deployed with a mouse click but need to be used with caution on production systems, as any change has the potential to disrupt a production environment.

SecurityExpressions includes a Windows patch policy, so this product could be used for patch management.

Each deployed fix can be logged, but this is not enabled by default. Once logging is enabled, rollback for deployed fixes is simple. SecurityExpressions just reverses the original change when the administrator selects the rollback action, usually after a change introduces an adverse effect into the environment.

For reporting, SecurityExpressions includes a Crystal Reports engine and a number of default reports ranging from full scan details to high-level trends. For report creation, administrators can select scan results and machines to include in the report. You can’t create your own report templates, though.

SecurityExpressions 3.1 OVERALL RATING
Company: Pedestal Software
Cost: $29 per desktop and $695 per server. No charge for the management console.
Pros: Very intuitive and easy to use; immense flexibility for audit definition.
Cons: Console can run only on Windows; unresponsive scans hang; needs improved timeouts.
The breakdown (category, weight, score):
Policy definition: 30%, 4.5
Policy compliance/remediation: 30%, 4.5
Ease of use: 20%, 4.0
Reporting: 20%, 4.0
Scoring key: 5 = Exceptional; 4 = Very good; 3 = Average; 2 = Below average; 1 = Consistently subpar

We encountered a few issues with the console crashing or consuming 100% of the CPU. This occurred when we audited systems in a different physical location that had to be scanned over a WAN connection, audited systems in a Windows domain other than the one the console resided in, and shut down or rebooted a system in the middle of a scan. The CPU utilization issue surfaced only on the laptop console; the Windows server console did not have any CPU problems, but it hung and required a forced process termination.

SecurityExpressions includes distributed proxy functionality, which should be used for auditing systems in a remote office. It also should include better timeout parameters in all of its checks: the weak-password policy includes a timeout on non-response, but not all policies do.
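As an added illustration (not Pedestal’s code, and the .sif format itself is not shown in this review), the following Python model covers the three behaviours discussed above: a policy of named checks, a per-check timeout so that a non-responding remote host is recorded as such instead of hanging the console, and fix logging that turns rollback into a reversal of the recorded change. The setting names, values and the Host class are constructed for the example.

```python
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as CheckTimeout

# Constructed policy in the spirit of a .sif rule set (the real format is not shown in the
# review): each rule names a setting to inspect and the value the policy requires.
POLICY = {
    "MinimumPasswordLength": 8,     # hypothetical setting names and values
    "EnableLMHash": 0,
    "EveryoneIncludesAnonymous": 0,
}

class Host:
    """Constructed stand-in for an audited machine; `delay` simulates a slow or dead WAN link."""
    def __init__(self, name, settings, delay=0.0):
        self.name, self.settings, self.delay = name, dict(settings), delay
    def read(self, key):
        time.sleep(self.delay)      # a real tool would query admin shares / remote registry / SSH
        return self.settings.get(key)

def audit(host, policy, timeout=1.0):
    """Return {setting: 'pass' | 'fail' | 'no response'}; each read is bounded by `timeout`."""
    results, alive = {}, True
    pool = ThreadPoolExecutor(max_workers=1)
    for key, required in policy.items():
        if not alive:                       # host already failed to answer: do not keep waiting
            results[key] = "no response"
            continue
        try:
            actual = pool.submit(host.read, key).result(timeout=timeout)
            results[key] = "pass" if actual == required else "fail"
        except CheckTimeout:
            results[key], alive = "no response", False
    pool.shutdown(wait=False)               # leave the stuck read behind instead of hanging
    return results

def remediate(host, policy, results, change_log):
    """Set the policy value on every failed check, logging the prior value so it can be undone."""
    for key, status in results.items():
        if status == "fail":
            change_log.append((key, host.settings.get(key)))
            host.settings[key] = policy[key]
    return change_log

def rollback(host, change_log):
    """Reverse the logged changes newest-first, restoring each pre-fix value."""
    while change_log:
        key, previous = change_log.pop()
        host.settings[key] = previous
    return host.settings
```

A host that never answers yields only "no response" entries, which remediate() leaves untouched, so a dead WAN link neither stalls the audit nor triggers changes.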

Overall, we can say that SecurityExpressions helps companies customize and automate security compliance checks in line with their policies. With the growing security compliance requirements, this is no small accomplishment.