Dell Introduces Government-Level Security Policies in KACE Appliance

Dell updated its Dell KACE K1000 Management Appliance to include support for federal security policies and scanners to ensure compliance.

The updated Dell KACE K1000 management appliance allows organizations to standardize and enforce government-level security policies across all desktops and laptops, the company said on Jan. 26.

Dell's latest version of the management appliance supports the latest Federal Desktop Core Configurations, a list of security settings required for Windows XP and Vista systems that connect to any United States federal agency, Dell said. DELL KACE K1000 reduces the organization's "attack surface" by tightening browser security and enforcing basic security configurations, according to the company.

IT teams can automatically apply a base level of security to all endpoints to defend against the latest security threats, said Marty Kacin, vice president of engineering, CTO and co-founder of Dell KACE.

In addition to FDCC support, the KACE K1000's Security Content Automation Protocol (SCAP) Scanner allows IT managers to automatically audit systems to ensure compliance with security policies, Ken Dracknik, director of product marketing for Dell KACE, told eWEEK. IT administrators update a checklist, such as FDCC, into SCAP to scan the systems and generate a compliance report. The SCAP Scanner makes it easier for IT managers to find and remediate security issues, he said.

The SCAP Scanner displays a grade to indicate how well the system met the standard security profile, Dracknick said.

Originally mandated by the Office of Management and Budget in 2007, the FDCC list contains approximately 300 security settings that federal agencies have to apply to all systems running Microsoft Windows XP Professional (SP2 and SP3), and Microsoft Windows Vista Business, Microsoft Windows Vista Enterprise, and Microsoft Windows Vista Ultimate SP 1 machines, even if they belong to contractors. The guidelines include restrictions on wireless access, keeping administrator account and user accounts separate on the machine, frequent password changes, and implementing junk e-mail filters.

The SCAP protocol was developed by the National Institute of Standards and Technology, which also maintains the FDCC list. NIST maintains different guidelines for other operating systems.

While FDCC applies only to desktops within the federal government and contractors accessing government systems, the KACE K1000 can be used by any mid-sized or large organization with compliance requirements to implement and maintain a standardized security environment, said Dracknik. Companies generally have their own policies, such as password security or installing service packs, and NIST also offers other checklists that can be used with the KACE K1000, he said.

Dell acquired Kace Networks in February 2010 for its application virtualization technology and security management tools. The Dell KACE K1000 Management Appliance emerged from the acquisition in July, handling security management tasks such as vulnerability assessment, patch management and configuration enforcement.

Dell also updated its Dell KACE Firefox Secure Browser, which can be integrated with the KACE 1000 or installed as a stand-alone application. Originally introduced in July with the K1000 appliance, Secure Browser uses application virtualization to create an isolated instance of Firefox so that Web malware and viruses don't gain access to the desktop. When Secure Browser is closed, the software is reset to its initial virtual image, allowing users to start each session fresh with no infections. IT administrators can also create customized browser configurations such as warning users of malicious activity or to preserve some user preferences, such as bookmarks, across sessions.

Pricing for the Dell KACE K1000 management appliance starts at $8,900 per unit for 100 seats. There is also "all you can eat" version priced at $89,000 for up to 20,000 seats, said Dracknik. Dell KACE K1000 will be generally available on Feb. 10. The Dell KACE Secure Browser is already available as a free download.