ESM offers better organization

Cupertino, Calif.-based Symantec has launched the Enterprise Security Manager (ESM) 5.5, something that the company says will give IT and security administrators the power to automate planning, supervision, and monitoring of security policies from a single location.

That, says Michael Murphy, general manager Symantec Canada, means better organization and higher quality security for companies.

Murphy said ESM first came through Symantec via an acquisition of Axent Technologies last year, meaning that 5.5 is the first release of this under the Symantec banner.

“I like to say that it has been ‘Symantecized’ because we have incorporated some of our technologies in the product,” he said, adding that it only makes sense for this to leverage the same strengths as Symantec’s other products. “That’s one of the key things.”

New features include the Crystal Reports, which enable security administrators to prepare and distribute detailed pre-configured and customizable reports. Users may also create their own queries and reports based on specific network characteristics. Security managers can also build and distribute policies to branch offices to ensure the company’s parameters are consistent.

Murphy said ESM 5.5 sometimes serves as a bit of a wake-up call to companies.

“ESM provides a lot of data, especially when it is first run with customers,” he said. “Most don’t realize how vulnerable or at risk they are until they install a product like this. Initially, ESM generates a lot of information on patch levels and risk levels, vulnerabilities that exist and report back to the central manager.”

ESM 5.5 supports major relational databases, including Oracle, SQL Server, and Microsoft Access.

The product collects security information and takes it to the selected database. There, the customer can apply custom queries to that database to create specific reports for a target application, or the company as a whole.

ESM 5.5’s host-based configuration utilizes an installed agent on each system to examine vulnerabilities and compliance to the security policy. A central component, the manager instructs the agents to retrieve and analyse security information. This information is stored on the manager system and delivered to a console where the security administrator can further review the security data gathered by the agents. The analysis generated is based on the organization’s security policies that are modified with one or more ESM 5.5 modules. The modules are tailored components that evaluate a variety of operating systems.

Jason Wright, industry analyst with security technologies at Frost and Sullivan in San Antonio, Tex., said he sees this as more than just a product; he sees it as part of a major trend.

“Overall this is the start of the evolution of the productization of what traditionally has been a service,” he said. “I think we are going to see a lot more of these types of products that are able to scan your network and identify the resources that you are using and the operating systems and then associate a known vulnerability and provide a very convenient manner of getting a patch or a solution.”

Wright added that this product is well suited to large enterprises and has only one immediately visible drawback.

“One thing that I didn’t see here was the ability to track your progress, which is a very important aspect of this product or service,” he said. “You need to see where you are an how you have improved or declined over time. That provides a trend that can be identified by the management to see if people are doing their jobs.”

He added that the next step in this evolution of products would be a product that, instead of just looking at all the existing products on a network, is an event management correlation.

“That will be software that sits very high and controls lots of agents and it takes readings from not only servers, but routers and all security appliances,” he said. “It’s able to be an IDS on steroids.”

Pricing for the ESM 5.5, now available, is US$19.95 per manager and US$9.95 per agent, but Murphy said there is volume pricing available.

For more information, visit Symantec at