Pedestal Adds Security Benchmark Score to Audit Software

December 18, 2003

The 3.1 version of Pedestal Software's SecurityExpressions audit and compliance monitoring software adds a security benchmark score that shows how well a company is complying with an authoritative security policy it selects for itself.

SecurityExpressions 3.1, released this week, ships with a selection of industry best-practices system security policy files that include: Microsoft Security Recommendations for its Platforms; SANS Step-by-Step for NT, Solaris and Windows 2000; NIST Guidelines for Windows 2000; and NSA Guidelines for Windows 2000 and Windows XP.

SecurityExpressions automates the process of auditing Windows and UNIX desktops and servers against these best practices system security policy files, and it can help bring these systems into compliance with the chosen policy. SecurityExpressions also supports highly customized system security policies that companies develop on their own.

"Many companies start with a best practices system security policy and then edit the various 'rules' within those policy files to their preferences," says Debbie Braunert, senior marketing manager with Pedestal.

Version 3.1 also provides automated notification of audit and report completion via email, SNMP, Unix Syslog, Windows event log or custom scripts. The product now includes a query wizard with a front-end interface used to specify files, registry keys, file permissions, users and groups.

"It's not the industry regulations that are driving our business, and it's not viruses," says Bill Andrews, vice president of marketing with Pedestal. "It's a failed audit or a security breach that is driving our business."

Other new features in version 3.1 include a central database that stores machine lists and host information for use by multiple system administrators; an audit and compliance policy file for use with Hewlett-Packard's HP-UX operating system; use of the Advanced Encryption Standard; and the ability to schedule multiple audit and compliance tasks.

SecurityExpressions operates without agents and supports, in addition to HP-UX, Windows, Linux, Sun Solaris and IBM AIX. The product audits users and groups for permissions, rights, privileges and passwords; it checks for key security patches; it detects unauthorized modems, wireless access points and USB hard drives; and it determines whether software virus detection is turned on or whether unauthorized software (such as Kazaa) is present.

The company does not charge for the SecurityExpressions console; pricing is based on the number of desktops and servers being audited. Servers cost $495 each and desktops $30 each. Typical sales are in the $50,000 range and up.
