Network audit and compliance tools form a fractured market, but integrated solutions and network analysis provide a look ahead.
Network audit and compliance software should give network managers a complete view of their network at all times, plus allow for quick action when necessary to act against vulnerabilities, threats, losses or compliance infractions. Open source tools can often meet basic needs, and disparate point solutions are still common as audit and compliance software matures.
Trends for network audit and compliance software are products that perform integrity monitoring for real-time file integrity and device configuration monitoring. Network collection and forensics tools are emerging to top traditional signature-based capabilities. Audit and compliance software should allow governance across all functional areas, offer a simple interface, and be comprehensive, looking at the entire network, as well as devices and ports,
Best-in-Class Network Audit and Compliance Software Features:
- Easily allows organizations to meet industry security configuration standards and government regulations
- Offers change and configuration management to ensure that network changes meet regulations, with zero downtime
- Provides for governance across many functional areas in an organization to move toward an integrated approach
Top Considerations before Buying Network Audit and Compliance Software Products:
Look for an integrated compliance approach to avoid management headaches around point solutions and manual processes. Smarter network analysis and forensics can spot potential problems quickly and with less work from IT. Consider whether an agentless approach could work, and look for solutions that allow configuration changes with zero downtime. And network audit and compliance software should always ensure that system changes don’t violate government regulations.
1. nCircle Suite360 provides automated security and compliance auditing through an agentless product line. It can audit IT functionality across a global network, with automatic vulnerability discovery, audits for configuration compliance and file integrity monitoring. nCircle aims for an overall view of an organization’s IT to eliminate having to manage separate products. Using an agentless product means that nCircle audits all assets and devices, including IP phones, routers, switches, firewalls and printers. Dashboards and automated reports add to ease of use.
2. APEX Analytix offers audit technology and services, including accounts payable, retail and sales tax audits, and contract and freight compliance. They provide comprehensive reports around each audit, and include contract compliance, best practice implementation, spend analysis and benchmarking, among others. Their FirstStrike Fraud Detect continuous monitoring program examines vendor fraud to report on high-risk situations and transactions. APEX claims that it achieves a 95% to 99% prevention rate, which has been borne out by followup audits.
3. NetWrix Corporation develops solutions that simplify the management of Windows networks and automate systems management and compliance. Their primary offerings focus on regulatory compliance, identity management and change auditing for changes to system configurations. They also offer freeware, like a disk space monitor, inactive users tracker, password expiration notifier, USB blocker and VMware change reporter. Some freeware tools have advanced commercial versions available.
4. Polivec’s EGS Policy Center integrates the management of risk and governance across the enterprise. Administrators can create and store policies to meet regulations, with all procedures and tasks in one place. The solution also informs employees, collects real-time compliance data, highlights compliance lapses and signal management of lapses. It also includes policy review and version and access control. Polivec’s customers are in financial, government, retail, energy, healthcare, entertainment and high technology.
5. BrainTree Technology makes dbDataFinder software, which scans an enterprise to pinpoint sources of confidential data as well as additional subsets, copies, and exports of that data. It can identify files and databases that contain confidential data, payment card information or customer data, within spreadsheets, Access databases, Oracle and SQL RDBMS and other document and file types. Their solutions are designed to ensure PCI and customer data, as well as confidential and privacy-related data.
Network Systems Management (Audit and Compliance Software)
Definition: Network Systems Management refers to the activities, methods, procedures and tools that pertain to the operation, administration and provisioning of networked systems. A common way of characterizing network management functions is FCAPS – Fault, Configuration, Accounting, Performance and Security.