Neal Weinberg
Contributing writer, Foundry


Mar 04, 2004 | 3 mins

* The Reviewmeister checks out the Preventsys Network Audit and Policy Assurance tool

You’re complying with all those new federal regulations, but complying isn’t enough. You have to prove that you’re complying. So we checked out the Preventsys Network Audit and Policy Assurance tool and found that it might be just what you’re looking for.

Preventsys takes the results of vulnerability assessment scans and compares them with defined policies, looking for systems that are out of compliance. By default, open source tools Nessus and Nmap are used for scanning, but many third-party products, including Internet Security Systems’ Internet Scanner and eEye Digital Security’s Retina, also are supported. Preventsys uses XML at its core, so you are only limited by your ability to get your audit results in an XML format that the Preventsys product can then analyze.

The system comprises three main servers: the audit, compliance and database servers. The audit server runs scans. The compliance server performs all the analysis and processing of the scan results. Users tap into the whole system via a Web-based console that communicates with the compliance server. The database server (PostgreSQL by default, but Oracle also is supported) stores all the data, both raw and analyzed.

We were impressed with the level of detail at all configuration levels. For example, user permissions are segregated between scanning, analysis, reports, remediation updates and remediation assignment activities. This segregation, combined with definable network/host permissions, means you could tailor its security parameters to fit almost any organizational structure.

Preventsys includes an array of default policies, such as the SANS Top 20 and or your own list of e-commerce servers. A number of policies also are developed from National Security Agency and National Institute of Standards and Technology guidelines. Additional policies that Preventsys developed are included in the built-in Policy Library Update function of the product. A rollback function also is available for easy removal.

Preventsys provides several methods to create and update policies. The most direct is to modify the XML code yourself. For a more template-driven approach, the Web interface includes some policy development functionality. A third option is to use the separate Windows-based Policy Lab application that Preventsys provides to design and create new policies.

Overall, Preventsys provides a strong central control point for vulnerability analysis, policy compliance, remediation tracking and reporting. With the growing list of security requirements, centralized policy compliance reporting eases the job of security managers.

