Network Computingwww.networkcomputing.com

	Issue TOC Print full article Print this page Download as PDF E-Mail this URL Discuss this article Flame the author     In this article Introduction BindView Development Corp. bv-Control 7.2 and Policy Operations Center 4.2 Configuresoft Enterprise Configuration Manager 4.0 with Security Update Manager 2.0 Pedestal Software SecurityExpressions 3.0 Symantec Enterprise Security Manager 5.5 PoliVec Security Policy Automation Suite (Builder 2.6, Scanner 3.5, Enforcer 1.1) NetIQ VigilEnt Security Manager 4.0 Computer Associates eTrust Policy Compliance 7.4 How We Tested Report Card

PoliVec offers three loosely integrated products--Scanner, Enforcer and Builder--that do the work of other vendors' single products. This approach does let you purchase only those components you need, but the integration is not seamless.

Scanner discovers the configuration of network hosts and is agentless for Windows targets. Enforcer allows configuration changes to be deployed to target systems, using agents. In the case of Unix systems, Enforcer can also discover configurations. Builder creates from templates security polices that can be distributed and read by end users. Policies can also be exported as XML documents and imported into Scanner and Enforcer.

Builder is a breeze to use--simply run through the wizard and select the policy statements to include in the final policy. Icons show which items are used in Scanner or Enforcer and often have configurable items. For example, we wanted a strict password policy, which we defined in Builder and exported to Scanner and Enforcer. Builder offers lots of explanatory text about policy statements, and each statement could be annotated and customized.

Scanner takes policies--predefined, imported from Builder or defined in Scanner--runs through the selected target, and reports back. Scanner is focused on comparing targets to configurations and lacks some of the robust ad hoc querying capabilities found in other products.