Promisec has announced a security compliance and configuration management tool for large Windows networks.

The InnerSpace policy software encompasses much of the functionality of the firm's Spectator Professional product for endpoint compliance but works over distributed networks, according to Ari Tammam, vice president of alliances.

InnerSpace is designed to perform an internal scan of Windows desktops and servers, and can collect security-compliance information across a geographically distributed network.

"With InnerSpace, there can be a 24/7 automated scanning mechanism that reports back over a wide-area network," Tammam says. InnerSpace consists of a central server holding a database for policies and configurations of Windows desktops and servers.

The InnerSpace component known as the Sentry, which can run locally on a PC or server, scans an assigned IP range of computers. The Sentry gains access to assigned machines by means of existing domain credentials in order to inspect these computers for unauthorised applications. It also checks for a number of other policy-compliance violations, such as whether anti-virus software is turned on.

"It's looking for anomalies or deviations, such as what occurs at start-up, which could indicate malware, too," Tammam says. However, InnerSpace does not perform patch management.

When the scanning engine discovers security policy violations, it provides a report to the network administrator, suggesting configuration changes or removal of unauthorised software.

InnerSpace starts at $135,000 for 3,000 users.