Establishing and maintaining security policies across an enterprise network is a necessary hassle. The good news is that PoliVec's suite of security tools - Builder, Scanner, and Enforcer - smoothes out the process.Establishing and maintaining\u00a0security\u00a0policies across a corporate network is a necessary hassle. The good news is that\u00a0PoliVec's\u00a0suite of security tools - Builder, Scanner and Enforcer - smoothes out the process. Builder is the best component of the suite, providing an easy way to develop strong security policies. Enforcer is a more complicated tool, requiring quite a bit of configuration, a process that could be simplified. How we did it Interactive Scorecard and NetResults Archive of Network World reviews Subscribe to the Product Review newsletterPoliVec Builder has a graphical user interface that helps you quickly develop an enterprise security policy according to best practices for physical security, e-mail security, network access, remote access, authentication, incident response and security training. You also can define your own policy statements. Builder even includes templates to help organizations develop policies that adhere to regulations such as the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act, which governs financial institutions.Starting with Policy Editor, you select policies and best practices as the first step in developing a policy document. Many of the policies have attributes that can be customized for your organization.The best feature in Builder is the ability to create implementation standards based on your policy. Implementation standards are detailed instructions that show administrators how to configure their servers to adhere to the security policy.PoliVec Scanner taps into the policy document to audit systems and determine if they are configured correctly. Scanner analyzes systems for password policies, registry settings, audit trail settings, trust relationships, Windows NT File System (NTFS) settings and account management. Scanner also includes a password cracker to test end-user passwords to ensure they follow defined policies. By analyzing registry settings, Scanner also can determine which security patches are missing from the system.You can schedule scans to run automatically and can customize the password-cracking dictionary to include key words that end users might be inclined to use in their password.Security policies from Builder can be imported to use as the baseline for scanning. Customized policies also can be defined and used as the basis for a scan. One caveat is that Scanner only works with Windows NT, 2000 and XP machines.The results of the audit are all stored centrally. You can generate multiple reports, such as displaying the audit results of a scheduled scan, audit results for a specific group of systems, or comparing trend information of several audits for one system.One of the best features of Scanner is its ability to correct identified issues on remote systems in real time from the central console. Issues such as improper NTFS permissions, incorrect password policies, and incorrect account settings can be changed immediately, conforming the system to your organization's security policy.Enforcer provides continuous monitoring of specific systems for adherence to corporate security policy. You can monitor all your systems, or select groups of systems. The policy created in Builder is imported into Enforcer as the enforcement policy.Enforcer agents are installed on each system. In addition to agents, Enforcer also has three other components - Agent Manager, Controller and Console. Agent Manager manages the agent communications. Controller manages the entire system, and Console is the graphical interface used for administration and report viewing.Administrators can configure alarm profiles for attributes of the monitored device. These profiles are a collection of rules that make the escalation process very flexible. When an alarm was triggered, these escalation procedures were followed perfectly in our tests. Enforcer can take various actions, such as send an e-mail or page, or ignore them until the alarm is triggered a certain number of times.Enforcer offers role-based administrator access. It supports three roles: Data Administrator, which allows access to all the information editors, the term used in Enforcer to describe the configuration screens; Administrator, which has access to everything monitored by the product; and Monitor, which only has access to the Control Panel and Reports.As with other PoliVec products, comprehensive reports are available in a variety of formats. With Enforcer, there are reports with detail alarms, date\/time, alarm type and status for multiple agents or only one agent.The PoliVec product suite provides a strong, easy-to-use tool set to let organizations develop, implement and enforce strong security policies. PoliVec Suite - Builder, Canner and Enforcer 3.9 Rating Company: PoliVec, www.polivec.com Cost: Builder, $7,500; Scanner, $10,000; Enforcer, $30,000. Pros: Easy to use; develops best practice security policy in minutes; implementation standards provide excellent directions for system configuration. Cons: Some components are Windowscentric. \u00a0 PoliVec Suite Performance 35% 4 Ease of use 25% 4 Manageability 25% 4 Installation\/Documentation 15% 3.5 TOTAL SCORE 3.8 Individual category scores are based on a scale of 1 to 5. Percentages are the weight given each category in determining the total score. Scoring Key: 5: Exceptional showing in this category. Defines the standard of excellence; 4: Very good showing. Although there may be room for improvement, this product was much better than the average; 3: Average showing in this category. Product was neither especially good nor exceptionally bad; 2: Below average. Lacked some features or lower performance than other products or than expected; 1: Consistently subpar, or lacking features being reviewed.