Quest Compliance Suite: Follow The Rules

Quest Software's Compliance Suite for Windows helps your customers meet both their compliance obligations and IT performance benchmarks.

• By Joanne Cummings
• May 01, 2007

Your customers are stuck between a rock and a hard place when it comes to meeting their obligations and having the resources to do so. IT budgets are tight, yet they still have to maintain compliance with a slew of regulatory mandates, including Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA). Many are also trying to adhere to best practices initiatives like those from the IT Infrastructure Library (ITIL) and Control Objectives for Information Technology (COBIT). All of that leaves few dollars available to buy any new products or services you may be offering.

What if they could purchase just one relatively inexpensive product and ensure both regulatory compliance and adherence to IT best practices? They might just have some budget dollars left for that Windows Vista upgrade or the move to Office 2007.

Enter Quest Software Inc.'s Compliance Suite for Windows. Through a secure Web-based management portal, these tools give companies a consolidated view of their IT compliance status by baselining the IT infrastructure, tracking all events related to the security of information, and alerting users to violations of established corporate data security procedures -- all from one spot.

There are four components that make up the suite: the Compliance Portal, InTrust, InTrust for Active Directory and Reporter. Together, these tools help your customers monitor, track, report and alert on various user, data-access and change-management activities across an entire IT infrastructure.

In October, Quest also added support for reporting from Microsoft Exchange via Quest's ArchiveManager and MessageStats tools. Adding e-mail tracking and reporting further increases the suite's usefulness, not just for regulatory compliance, but for legal evidence and discovery purposes, as well.

In Data We Trust
The Web-based Quest Compliance Portal is the most important component of the suite. It gives your customers a single-screen view of an organization's IT compliance and framework status. It supports scheduled and ad hoc reporting, and a range of user-defined business views into IT -- both at a summary and granular level.

Quest Software Inc. Quest Compliance Suite for Windows Release Date: October 2006 Suite includes Quest Compliance Portal, InTrust, InTrust for Active Directory and Reporter. Pricing starts at $995 per server or $109 per workstation. Pricing for Reporter begins at $8 per user. www.quest.com

Because of its hooks into the other components of the suite, the portal can report on and correlate data from numerous activities. For example, users can track configuration changes via Quest Reporter, user activity via Quest InTrust, AD domains in Quest InTrust for Active Directory, mailbox usage in Quest MessageStats and e-mail storage management statistics via Quest Archive Manager.

Your customers can customize their Portal reports to meet their specific needs. Once logged into the portal, their users can view only the reports and associated data to which they have been assigned access. They can set up different profiles for management, IT personnel and auditors, for example, so business users simply interested in regulatory compliance issues can receive high-level reports. IT users can drill down into specific operational performance metrics. They can also configure the portal to handle subscriptions, which let each user receive an updated report via e-mail or a notification when a new report is available.

Still, the portal would be useless without data. That's where the second component comes in. InTrust monitors access to critical systems, to let your customers detect inappropriate or suspicious access-related events across the IT infrastructure. Each system InTrust supports requires a separate Knowledge Pack. To date, Quest provides Knowledge Packs for the following systems:

• Windows
• Solaris
• Linux (Red Hat and SuSE)
• Firewalls (Checkpoint Firewall-1 and Cisco PIX)
• Active Directory
• Microsoft Exchange
• Microsoft Excel
• SQL Databases
• Oracle Databases
• Microsoft Internet Security and Acceleration (ISA) Server
• Microsoft Internet Information Server (IIS)
• Microsoft Identity Integration Server (MIIS)
• AIX 5L

Each Knowledge Pack monitors, stores, reports and alerts on access-related events. Users can set up alerts to monitor for suspicious access activity, such as when a user has several failed log-on attempts and is then suddenly successful. They can also use it to ensure that corporate data access policies are followed correctly, so a sales user isn't accessing data stored on critical finance department servers.

Once it sends an alert, InTrust stores a secure log of the event for forensic and legal purposes. According to Quest, all event data is compressed prior to storage.

InTrust for Active Directory
Another key aspect of any bulletproof Windows-compliance solution is tracking and monitoring domain controller activities, and any changes made to AD and Group Policy. That's where the third component of Quest's suite comes in.

[Click image to view larger version.]

Quest Reporter lets your customers gather data on a variety of configuration issues, such as installed software, patch status and Active Directory group membership.

InTrust for Active Directory tracks, reports and alerts on critical information about directory changes, including who made the change, where they made the change from and the before-and-after values. On the IT operations side, this tool helps troubleshoot AD problems. It also helps on the compliance side by tracking changes and underscoring how they may have strayed from the approved configuration. It can then notify users of undesired changes, roll them back or simply prevent the changes from occurring in the first place.
For example, your customers can configure InTrust for Active Directory to prevent changes to critical AD objects, such as preventing users from accidentally deleting organizational units or modifying Group Policy Object settings.

The tool also audits all events on domain controllers, including unusual user and suspicious administrator activity or elevated privileges.

The final piece of Quest's Compliance Suite for Windows is the Quest Reporter. Quest Reporter lets IT users collect, store and report on AD and Windows-based configurations and resolve configuration problems. This is an important part of a strong compliance program, especially because configuration management and change management are key building blocks for ITIL.

Quest Reporter also automatically discovers and reports user privileges. This eases periodic account reviews and ensures that assigned privileges comply with established policies.

Competitive Landscape
The market for compliance tools is heating up. Two key competitors for Quest Compliance Suite for Windows include NetIQ Corp.'s Security Compliance Suite and Symantec Corp.'s Control Compliance Suite for Windows.
Like the Quest suite, NetIQ's Security Compliance Suite is focused on Windows environments and combines configuration management, change management and security information management capabilities to provide a quick overview of an IT infrastructure and its compliance posture. The suite includes the NetIQ Secure Configuration Manager and the NetIQ Security Manager tools.

Secure Configuration Manager audits system configurations and compares them to corporate policies, previous snapshots or other systems. It also leverages the configuration information to help users identify vulnerabilities and exposure within their environment.

Security Manager consolidates event management from various security products into a central security console, enabling real-time notification, automated response and workflow management for suspicious activities. A key to its compliance capabilities is that it comes with templates that help users readily benchmark their compliance stance against well-known regulatory mandates such as SOX, HIPAA, the Gramm-Leach-Bliley Act (GLBA) and others.

NetIQ Security Compliance Suite is sold in sets of 25 server licenses. The Standard Edition costs $800 per server and the Enterprise Edition is priced at $1,120 per server.

Symantec's Control Compliance Suite for Windows is expected to receive a big boost once it completes its acquisition of Altiris, expected in the second quarter of this year. Symantec is known for security, while Altiris' forte is in change and configuration management. Once integrated, the combined offering should provide some stiff competition to both Quest and NetIQ.

The current Symantec suite handles Windows and AD environments. The suite is agentless, so it doesn't require software on each managed server or system. Like NetIQ's product, the Symantec suite supplies regulatory content for Sarbanes-Oxley, HIPAA, GLBA and others, then validates the configuration of Windows systems against corporate information security standards and those regulations. The suite makes it easy for users to discern their compliance posture because it displays pass/fail scores against industry regulations and governance frameworks based on technical checks against the data. It also lets users baseline their IT infrastructure so that they can receive a report on the level and extent of access to sensitive corporate assets.

Like Quest's tool, the Symantec suite provides a single console for viewing compliance data, and can be set to send e-mails notifying users of new reports. It integrates with HP and Remedy change-management tools, as well as Bindview Policy Manager to ensure security compliance policies are met. Symantec also provides separate tools designed for Exchange, Novell NetWare/NDS, Unix, and Oracle and SQL databases.

Marketing and Sales
Quest provides a wealth of information aimed at getting users and partners up to speed on the benefits of implementing its suite in a complex Windows environment. In addition to the three white papers the company provides on its Web site, partners can download a PowerPoint presentation that steps customers through the process of determining the need for a combined compliance/best practices framework solution and how the Quest suite can provide a cost-effective alternative to buying point products. There are also case studies, data sheets and trial software on the Compliance Suite homepage.

Microsoft provides a highly detailed "Regulatory Compliance Management Guide" on its site. You can use this as a way to introduce your customers to the needs and challenges inherent in ensuring compliance in a Windows environment.

Spotlight Highlights Key Features Secures Web portal tracks multiple data sources from one screen Generates customized reports for business users or IT staff Provides real-time, automated, customizable alerts from multiple sources, including Windows, Linux and Solaris systems, Oracle and SQL databases, and firewalls from CheckPoint and Cisco Supports Active Directory, Group Policy and now Exchange Competition NetIQ Security Compliance Suite Symantec Control Compliance Suite for Windows Opportunities Reduces cost and complexity of complying with regulatory mandates like SOX and HIPAA Improves IT operational and management efficiency Reduces total cost of ownership

The Final Word
Your customers are facing budget pressures as they strive to comply with complex regulatory mandates as well as new initiatives to ensure their organizations adhere to IT best practices. A tool like Quest Compliance Suite for Windows can help them meet those challenges while keeping financial investments manageable.