Symantec finds, closes security holes with ESM

Working from the idea that security software is only as good as the last time it was updated, Symantec Corp. Monday released a new version of its vulnerability assessment tool Enterprise Security Manager.

Like previous versions, the upgrade to Enterprise Security Manager (ESM) is a software system that uses a single management console and places clients on servers and desktops to inspect system security. The software not only checks for operating system flaws, but also searches Web server software, databases and other business applications for security holes, said Ronald van Geijn, group product manager for intrusion prevention at Symantec.

ESM checks specific systems against best-security-practices lists for each application, operating systems and other device, he said. The software can be used to automatically run special tests against systems to ensure compliance with government regulations, he added. When security problems are found, they are categorized by severity and provide administrators with information on how to fix them, though links or URLs to software patches are not included, he said.

The new version of ESM, version 5.5, adds support for Symantec LiveUpdate, allows security policies to be imported and exported, offers custom reporting features and boosts analysis capabilities by adding relational database support, van Geijn said. Symantec LiveUpdate is the mechanism used across many Symantec products that allows users to download security updates as they are released by Symantec and then automatically distribute them across the network. Updates for ESM are offered quarterly, or faster when a specific and serious threat, such as Code Red or Nimda, arises, van Geijn said. Vulnerability data is gathered and updates are provided by Symantec Security Response, Symantec's threat research division, he said.

Security policies can be imported and exported with the new version of ESM, allowing a companywide policy to be designed at one location and then sent to remote locations to ensure compliance, van Geijn said. The importing feature also allows previously built policies to be brought in from older systems or locations and redistributed, he said.

ESM 5.5 boosts reporting and analysis features, as well, by offering integration with Crystal Decisions Inc.'s Crystal Reports, and by supporting third-party databases such as Oracle and Microsoft Corp. Access to allow for deeper analysis, van Geijn said. Crystal Reports and database functions can be used to build queries and generate reports. Reports can be generated in HTML, as well as other formats, and access to information stored in databases can be limited using access control lists to ensure that only those who need the information can get it, he said.

Also included by ESM is the ability to track the frequency of password changes to ensure that security policies are being followed, he added.

In order to run ESM, a company must use the management console and at least one copy of the ESM manager application for up to 2,000 server and or workstation clients. For networks comprising more than 2,000 clients, more than one ESM manager is required.The console is the interface through which the system is run, while the manager controls the clients, or agents, running on the servers or workstations. Server agents run on Windows NT/2000/XP, Linux, Novell Inc. NetWare, OpenVMS, as well as Unix variants including Solaris, AIX, HP-UX and Tru64, van Geijn said. Desktop agents run on Windows NT/XP, he said.

Enterprise Security Manager is targeted at businesses that "are sick and tired of being in a reactive mode" when it comes to security and want to protect themselves from threats in advance, he said.

The ESM console is free, while each manager application costs US$1,995. Server agents run $995 per server and desktop agents are $95 each. ESM will be available worldwide on Nov. 15.

Join the newsletter!

Error: Please check your email address.

More about Crystal DecisionsMicrosoftNovellSymantec

Show Comments