PoliVec Adds To Security Policy Tool Suite

PoliVec, Inc. has announced an addition to its suite of policy development and deployment tools that helps companies quickly determine when systems become out of sync with corporate security policies.

PoliVec now has a suite of three products that work together to help companies develop, implement, audit and monitor security policies.

PoliVec Builder is used to translate plain-English policies into a machine-readable format, and includes templates for creating new policies. PoliVec Scanner imports those policies and regularly audits operational systems for compliance to the policies.

The third piece of the puzzle is PoliVec Enforcer, says Roberto Medrano, CEO of PoliVec, based in Mountain View, Calif.

Enforcer continuously monitors networked systems for configuration changes. When it detects a change, Enforcer compares it against the policy detailed in Builder to determine whether the change creates a policy violation.

If so, Enforcer alerts administrators via its desktop console, email or pager, such that they can fix the vulnerability before it is exploited.

PoliVec has Enforcer agents for Solaris, Linux, Windows NT, Windows 2000 and, soon, Windows XP systems. Agents for HP UX, Novell and AIX are in planning stages.

Medrano notes that the PoliVec tools are especially helpful for companies that must comply with new regulations such as the Gramm Leach Bliley Act and the Health Insurance Portability and Accountability Act, as the Builder component comes with templates that spell out policy requirements specific to each. A more general best-practices template comes with policies that can apply to most any company.

Pricing for PoliVec Enforcer starts at $25,000; the company expects most installations will be in the $50,000 to $100,000 range. Builder ranges from $6,000 to $10,000, not including GLB and HIPAA templates. Scanner costs $15,000 to monitor 500 systems.