Neal Weinberg
Contributing writer, Foundry

SecurityExpressions 3.1

Jul 20, 2004 | 3 mins

* The Reviewmeister takes a look at Pedestal Software's SecurityExpressions 3.1

What good is a security policy if nobody complies with it?

Pedestal Software’s SecurityExpressions 3.1 answers that question with an agentless product that audits systems based on a pre-defined set of rules, letting organizations easily identify computers and other devices that do not conform to a defined corporate security policy.

In our tests, we found that its flexibility and ease of use make this product a strong tool for automating security compliance reviews in an enterprise network.

The SecurityExpressions installation is a simple process that uses the standard Windows installer technology. Once installed, it can be used as-is, with a stand-alone console that can reside on just about any Windows system. Or you can use distributed consoles and have all data logged to a central database. SecurityExpressions is easily configured to record data into an Open Database Connectivity enterprise database, such as Oracle.

SecurityExpressions’ value lies in its security policy (.sif) files, which comprise the technology that lets organizations automate security policy compliance checks. SecurityExpressions includes .sif files that outline security best practices and guidelines that Microsoft, The SANS Institute, The National Institute of Standards and Technology, The National Security Agency and the Department of the Navy have published.

These policy files check registry keys, file permissions and account passwords against the set policies. Additional .sif files reflecting other policies, such as SANS Linux guidelines and Windows Service Packs, are also available online for free for registered customers.

Within the console, administrators can view the details of each specific check the policy files perform. SecurityExpressions is very flexible in that these checks can be modified to fit an organization’s requirements. They also can be copied to a new policy file if an administrator wants to create a custom policy. Administrators can import a Windows Group Policy file that SecurityExpressions then can translate into a .sif file for audit checks.

SecurityExpressions audits Windows systems using Windows Networking tools such as admin shares and remote registry files. For Unix/Linux systems it uses SSH Version 2 connections, with authentication by either standard password or RSA Security public key. An agent is available for systems that have stricter security requirements, such as those that cannot run remote registry or file sharing. The product also can schedule audits to run automatically.

In addition to auditing, SecurityExpressions includes remediation functionality to fix identified issues or systems not in compliance with a defined policy. These fixes can be easily deployed with a mouse click but need to be used with caution on production systems, as any change has the potential to disrupt a production environment.

SecurityExpressions includes a Windows patch policy, so this product could be used for patch management.

For reporting, SecurityExpressions includes a Crystal Reports engine and a number of default reports ranging from full scan details to high-level trends. For report creation, administrators can select scan results and machines to include in the report.

For the full report, go to