Elemental Security Platform (ESP)
Annotations
Things agents report back to the ESP server include:
host name, IP/MAC address, OS version/service pack, anti-virus status, services the client is running (DNS, mail, web), network configuration, CPU/hardware info, user accounts, which hosts the client is connected to, and other user-defined attributes such as running processes.
Agents periodically check in with the ESP server (every 3 min); the server polls all agents every 30 minutes. Not a replacement for an IDS/IPS system.
Based on this information, client hosts are placed into groups that share a common criterion. Admins create different security policies for different groups and push the policies out to the agents. The agents have a built-in packet filter, which is key to enforcing the policies on the hosts.
Concept of "reverse policy enforcement" (i.e. it can still enforce policies on hosts not running agents by having the known hosts limit/deny connections to those unknown systems that are not running the agent).
Generate a report to see how many hosts might be out of compliance with the policy and the exact rule each host is violating. The admin can either correct the out-of-compliance item or enable packet filtering on the agents.
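The flow in the notes above (agents report attributes, hosts are grouped by criteria, each group gets a policy, the agent packet filter enforces it, and a compliance report lists the violated rule per host) as an added toy model. This is example code written for these notes, not ESP's own software, schema or rule language; the inventory, group predicates and policy rules are all constructed sample data.

```python
"""Toy model of attribute-driven grouping, per-group policy, host-side packet
filtering (including 'reverse' enforcement against agentless hosts) and a
compliance report. Constructed example, not ESP's real data model."""
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Host:
    name: str
    ip: str
    os: str
    av_running: bool
    services: frozenset = frozenset()
    has_agent: bool = True  # False = unmanaged host with no packet filter


# Constructed inventory as agents would report it; "rogue" is known only from
# other hosts' connection tables and runs no agent.
INVENTORY = [
    Host("web01", "10.0.1.10", "RHEL 5", True, frozenset({"web"})),
    Host("mail01", "10.0.1.20", "Solaris 10", False, frozenset({"mail", "dns"})),
    Host("pc-alice", "10.0.2.50", "Windows XP SP2", True),
    Host("pc-bob", "10.0.2.51", "Windows XP SP1", False),
    Host("rogue", "10.0.9.9", "unknown", False, has_agent=False),
]

# Grouping criteria (hypothetical): a host joins every group whose predicate holds.
GROUPS: dict[str, Callable[[Host], bool]] = {
    "servers": lambda h: bool(h.services) and h.has_agent,
    "desktops": lambda h: h.os.startswith("Windows") and h.has_agent,
    "unmanaged": lambda h: not h.has_agent,
}

# Per-group policy (hypothetical): "require" feeds the compliance report,
# "inbound"/"outbound_to_groups" feed the agent's packet filter.
POLICY = {
    "servers": {
        "require": {"av_running": True},
        "inbound": {"web": {"desktops", "servers"}, "mail": {"servers"},
                    "dns": {"desktops", "servers"}},
        "outbound_to_groups": {"servers"},
    },
    "desktops": {
        "require": {"av_running": True, "os": "Windows XP SP2"},
        "inbound": {},
        "outbound_to_groups": {"servers", "desktops"},
    },
}


def group_hosts(hosts):
    return {g: [h for h in hosts if pred(h)] for g, pred in GROUPS.items()}


def groups_of(groups, host):
    return {g for g, members in groups.items() if host in members}


def host_by_ip(hosts, ip):
    return next((h for h in hosts if h.ip == ip), None)


def compliance_report(groups):
    """(host, group, attribute, expected, actual) for every violated 'require' rule."""
    findings = []
    for g, members in groups.items():
        for attr, expected in POLICY.get(g, {}).get("require", {}).items():
            for h in members:
                actual = getattr(h, attr)
                if actual != expected:
                    findings.append((h.name, g, attr, expected, actual))
    return findings


def _allowed_peer(groups, host, key, service=None):
    """Union of peer groups the host's policies allow for an outbound/inbound rule."""
    allowed = set()
    for g in groups_of(groups, host):
        rule = POLICY.get(g, {}).get(key, {})
        allowed |= set(rule.get(service, set())) if service else set(rule)
    return allowed


def filter_decision(hosts, groups, src_ip, dst_ip, service):
    """Combined verdict of the agents on both ends of a connection.
    An agentless host filters nothing, but its managed peer still applies its
    policy: that one-sided check is the 'reverse policy enforcement'."""
    src, dst = host_by_ip(hosts, src_ip), host_by_ip(hosts, dst_ip)

    def side_ok(host, peer, key, svc=None):
        if host is None or not host.has_agent:
            return True  # nothing enforces on this end
        if peer is None:
            return False  # unknown peer: deny by default
        return bool(groups_of(groups, peer) & _allowed_peer(groups, host, key, svc))

    return side_ok(src, dst, "outbound_to_groups") and side_ok(dst, src, "inbound", service)


if __name__ == "__main__":
    g = group_hosts(INVENTORY)
    for finding in compliance_report(g):
        print("out of compliance:", finding)
    print("web01 -> rogue (web):", filter_decision(INVENTORY, g, "10.0.1.10", "10.0.9.9", "web"))
```

Two things the report alone does not show: the agent on a managed host denies a connection to "rogue" because that host lands in no group its outbound policy allows, even though "rogue" itself filters nothing, and a connection from "rogue" into a managed host is denied by the receiving agent for the same reason.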
Scalability: 10,000 agents on a single ESP server.
OS platforms
Server: Solaris, RHEL
Clients: Windows, RHEL, Solaris, AIX, HP-UX, Mac OS X
DB: Oracle Enterprise Edition
Directory Server: LDAPv3, Active Directory
Cost:
Server starts at $35,000;
agents approximately $600 per enterprise server, $60 per standard desktop.