This is the first report in a series of RSA stories based on new trends in identity management and network security. Symark is one of those companies that, unless you work in IT or follow various areas of security, you might know little about. Symark is ranked as one of the 500 largest software providers in the world, and I was pleasantly surprised to get a briefing on what they offer to IT.
While at RSA, I was scheduled to meet with Symark. Fate intervened and the meeting was canceled, but the research and information gathered for the meeting is still relevant. Later, I was able to touch base with them at the booth and over email. There are many news reports about mismanaged access, and violations of policy leading to exposure of sensitive information. Truth be told, almost all news recently centers on this in some way.
RSA is full of vendors, naturally, that offer security of some kind for just about any issue you may have, but there was one flaw with most of them. They were mostly focused on Windows-based networks and offices.
Policy management and access enforcement is huge. You have to control the information on the network and control who has access to this information in order to meet corporate compliance regulations and manage the company effectively.
There is a need to include more than just Windows in the infrastructure. The reasons for this vary from IT shop to IT shop, but the fact is, it is no surprise to see UNIX, Linux, and Windows in the same datacenter. However, that in itself poses some problems, ID management being one of them. LDAP and AD rarely play well together. Sure, you can make it happen, but it takes a considerable amount of work.
Symark offers something unique to help with ID management and policy enforcement. The Power series, PowerBroker, PowerKeeper, and PowerADvantage, are three tools that can help manage policies and identification in environments that use multiple platforms. The two that stood out for me are PowerBroker and PowerADvantage.
PowerBroker starts with UNIX/Linux-based IT shops and covers some interesting angles. It granularly delegates which tasks can be performed as root, and by whom. Depending on how the UNIX/Linux environments are utilized, sometimes someone will need to use sudo or su to perform a task, or fifty. If one thing is certain about an administrator on a Nix-based network, it is that root access is controlled and protected to the point that gaining it would be tantamount to getting water from a rock.
PowerBroker loosens some of this control from the outward appearance, but in reality, it offers more control to the administrator. Looking at the types of control offered, the base package offers tools and settings that will make even the most paranoid of administrators out there smile.
To say logging is detailed would be an understatement; the logging on PowerBroker is insane. Keystroke logging, event recording, and logs so detailed you see the I/O for each request made. Application accounts (Oracle and Apache, to name two) can be secured and access enforced. Files and directories are restricted, and again logs detail every action taken on them.
Using a variant of the C language, access control policies can be scripted or altered on the fly. Access can be restricted by date and time if needed, and LDAP is available as well. OpenSSL and PKI are supported, and for the compliance shops, the overall package is designed to work with existing technology to maintain all of the major compliance types.
Now, we talked about the security offered to UNIX/Linux-based shops, but not everyone uses just those two platforms. Sometimes Nix-based platforms are mixed with Windows Active Directory, meaning that identity management is split. Again, the two can work together, and there are tools to assist in making this happen, but that is often easier said than done.
PowerADvantage is a little agent that resides on Linux and UNIX systems and communicates with AD. Combined with PowerBroker, Nix-based hosts are integrated into AD, offering the ability to process authentication requests and enforce GPO. Uniform identity management is something not everyone has, and most vendors I have looked at fail to offer it.
Like PowerBroker, ADvantage ensures that SOX, PCI-DSS, GLBA, and HIPAA compliance is met by writing all activities that are performed on the Nix-based systems to the proper Active Directory logs.
You have to admit that the ability to manage Windows and Nix-based systems on the same domain is something unique and quite handy. There was one thing I was curious about: what about VM usage?
I asked Symark about VM based systems, focusing on how well the Power series works with them, if at all. Jeff Nielsen, Senior Product Manager at Symark explained it to me.
“The PowerSeries products function in a virtualized environment the same way they function in a physical environment. The PowerSeries products don’t patch or modify the underlying OS kernel or binaries, so there are no changes required when they function in a virtualized OS environment versus when they function in a physical environment. In compartmentalized virtual environments, such as Solaris Zones, our products can be configured to run in the base zones, the virtual zones, or both. Which configuration is appropriate depends on what the customer requires.”
If you want to take a test drive, you can download 30-Day trials.
http://symark.com/downloads/evaluation.html
Jeff Goldbloom, Apr 16th, 2008 - 17:13:10
I couldn't agree more with this article. Symark really has the products to offer complete security coverage. Highly recommend researching their products.