SolarWinds has been around for a long time. The company gained acceptance early on as a system for monitoring and managing network communications devices, especially Cisco. So it was only natural that it would move into the GRC marketspace. It has done that over the years and the results are gratifying. The company clearly is on the technology-driven side of GRC, of course, given its genesis.
The Network Configuration Manager takes everything that SolarWinds does well and wraps it in a cloak of GRC functionality. The tool uses a single web-based management console that allows use of other SolarWinds products under a single pane of glass. The tool collects configurations from all of the devices it manages and then performs analysis for configuration changes and policy violations. It applies this analysis to ongoing configuration management duties that includes applying standards-based configurations from tested templates, executing changes when necessary, blocking unauthorized changes and detecting and reporting changes.
The system audits configurations and configuration templates against standards and regulatory requirements to ensure compliance. It also is capable of automatic remediation if that functionality is set up by administrators. Users also have the option of allowing the tool to execute remediation on its own when a violation is detected or performing the remediation manually from audit reports.
We dropped into the tool through its Configs dashboard. From here we drilled down and looked at particular nodes. The view is decidedly technical with all of the network statistics one would expect in a network monitoring tool. From this point - "All Details" on the menu bar - we also could examine a summary, vital statistics, network behavior and node configuration. We chose to drill down to the Configs tab and the particular node - a Cisco Catalyst - was displayed in detail.
On this screen we could see the potential vulnerabilities in a device of this type: policy violations, the last five configuration changes and a lot of other important information. This is the core functionality of this tool: monitoring for configuration changes. Additionally, these changes can be closely managed and tested. Reporting - which is first-rate - then ties the technical evaluations to the standards and regulatory requirements necessary.
The tool provides a concise list of the devices it recognizes and gives a lot of information about each particular device. Script creation is simple, just point and click. Once a new script has been created it can run in simulation mode to ensure that it works and doesn't break anything. If all goes well, it then can be deployed.
Compliance report creation is equally simple. Certainly there are preconfigured reports, but adding to, changing or creating new reports is fast and easy. Like all competent GRC products, SolarWinds Network Configuration Manager sports a workflow management capability. Jobs can be scheduled to run either manually or automatically. Another nice feature of the tool is its ability to aid in network troubleshooting. Why would we want this in a GRC product? Simply to ensure that there are no policy or standards violations and, if there are, or if something is not behaving correctly putting the organization at risk, to have a quick way to pinpoint the problem and fix it.
Support is excellent, with a year included in the base price, and there are additional paid options. The website is quite complete with lots of options to help support users including a SolarWinds community called thwack. Overall, this is a good example of a GRC product grown from the ground up on a history of excellence in network management. When one thinks about it, this is an excellent pedigree.