BlackStratus LOG Storm v220.127.116.11
April 01, 2013
Starts at $9,000. LOG Storm is available in three virtualized models, one of them free, and four hardware models with varying memory and storage capacities. Perpetual licensing and flexible subscription pricing are both offered.
- Strengths: Simple to use, with a large list of agent modules.
- Weaknesses: Needs more ready-made policies and reports to help non-expert users.
- Verdict: This is a quality product with great potential.
LOG Storm combines log management and security information management with correlation technology, real-time monitoring and an integrated incident response system. The tool analyzes all event messages to identify patterns of attack, filters out false positives and prioritizes critical events. Incident information is accessible from nearly every screen in the LOG Storm GUI. The product improves alert quality by incorporating vulnerability data into its correlation logic, so that administrators can judge whether a monitored asset is actually vulnerable to the threat an alert reports rather than chasing signature hits against patched hosts. Another interesting feature is its behavior-based analytics, which help identify new attacks that follow patterns similar to past attacks but use different connection types in an attempt to bypass signature-based countermeasures.
The workflow management functions provide best-practice recommendations for remediation, mitigation, centralized case tracking and automated notification, so incident response personnel know what to do and administrators have clear insight into the actions of their team. LOG Storm provides an array of reports to aid in investigating incidents and preparing for audits, including the standard compliance package.
LOG Storm was delivered to our lab as an appliance, along with "Initial Setup" and "Quick-Start" guides. Following the instructions provided by BlackStratus, application configuration went smoothly. Identifying networks and registering assets was simple. Adding systems and devices was straightforward, and we were impressed with the list of available agent types. The dashboard was fairly easy to navigate, although it took some time to learn the features under each tab. The help function was easy to read and the instructions for most tasks were simple to follow. We had some trouble creating the "Custom Rules" we wanted for testing: we did not find a way to match keywords inside a rule. Our intention was to trigger an alert and open an incident when common hacker tools were downloaded and used on the network. The "System Rules", however, were easy to set up and modify.
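To make the two ideas above concrete, the vulnerability-aware correlation described in the product overview and the keyword-style custom rule the lab tried to build, here is a small correlation pass written for this review. It is an added illustration, not LOG Storm code, and everything in it is constructed: the asset inventory, the signature-to-CVE mapping, the keyword list and the key=value log lines (the real product uses its own agents and formats). An IDS alert is rated critical only when the CVE its signature exploits is present on the target asset, downgraded to low (not discarded, since scanner data can be stale) when the asset is not vulnerable, and a free-text keyword match on a proxy URL raises a high-priority incident.

```python
"""Toy vulnerability-aware correlation with a keyword rule (constructed example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed asset inventory: host -> CVEs a vulnerability scanner reported.
ASSET_VULNS: Dict[str, set] = {
    "10.0.0.5": {"CVE-2012-0002"},   # unpatched host (hypothetical data)
    "10.0.0.9": set(),               # fully patched host (hypothetical data)
}

# Constructed mapping from IDS signature name to the CVE(s) it exploits.
SIG_CVES: Dict[str, set] = {
    "IDS-SIG-RDP-EXPLOIT": {"CVE-2012-0002"},   # hypothetical signature name
}

# Keyword rule of the kind the review wanted: flag downloads of common attacker tools.
KEYWORD_RULES = {
    "hacker-tool-download": re.compile(r"(mimikatz|nmap|netcat|nc\.exe|psexec)", re.I),
}

# Constructed sample events in a simple key=value format (not LOG Storm's native format).
SAMPLE_LOG = """\
2013-04-01T10:00:01 ids sig="IDS-SIG-RDP-EXPLOIT" src=203.0.113.7 dst=10.0.0.5
2013-04-01T10:00:02 ids sig="IDS-SIG-RDP-EXPLOIT" src=203.0.113.7 dst=10.0.0.9
2013-04-01T10:01:00 proxy url="http://files.example/tools/mimikatz.zip" src=10.0.0.9 dst=198.51.100.3
2013-04-01T10:02:00 proxy url="http://files.example/news.html" src=10.0.0.9 dst=198.51.100.3
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<source>\S+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')   # key="quoted value" or key=bare


@dataclass
class Incident:
    ts: str
    rule: str
    asset: str
    priority: str   # critical / high / low
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Split '<ts> <source> k=v k="v v"' into a dict; None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {"ts": m["ts"], "source": m["source"]}
    for key, _whole, quoted, bare in KV_RE.findall(m["rest"]):
        event[key] = quoted if quoted else bare
    return event


def correlate(event: dict) -> Optional[Incident]:
    """Apply vulnerability-aware correlation, then keyword rules, to one event."""
    # 1. IDS alerts: cross-check the signature's CVEs against what the target is known to run.
    if event["source"] == "ids" and event.get("sig") in SIG_CVES:
        target = event.get("dst", "")
        exploited = SIG_CVES[event["sig"]]
        present = ASSET_VULNS.get(target, set())
        hit = exploited & present
        if hit:
            return Incident(event["ts"], event["sig"], target, "critical",
                            "target asset is vulnerable: " + ",".join(sorted(hit)))
        # Signature fired but the asset is not vulnerable: keep it, at low priority,
        # because the inventory may be stale or the scan may have missed the host.
        return Incident(event["ts"], event["sig"], target, "low",
                        "target asset not vulnerable to the exploited CVE(s)")
    # 2. Keyword rules over the event's free-text fields (URL, message, command line ...).
    text = " ".join(v for k, v in event.items() if k not in ("ts", "source", "src", "dst"))
    for name, pattern in KEYWORD_RULES.items():
        m = pattern.search(text)
        if m:
            return Incident(event["ts"], name, event.get("src", ""), "high",
                            "matched keyword " + m.group(0))
    return None


def run(log: str) -> List[Incident]:
    """Parse every line of a log and return the incidents the rules produced, in order."""
    incidents: List[Incident] = []
    for line in log.splitlines():
        event = parse_line(line)
        if event:
            inc = correlate(event)
            if inc:
                incidents.append(inc)
    return incidents


if __name__ == "__main__":
    for inc in run(SAMPLE_LOG):
        print(f"{inc.ts} {inc.priority:8} {inc.rule:22} {inc.asset:12} {inc.reason}")
```

Running the block prints three incidents: the RDP signature against the unpatched host rated critical, the same signature against the patched host rated low, and the mimikatz download rated high; the news page produces nothing. Any real deployment would of course key on asset identifiers that survive DHCP churn and refresh the vulnerability inventory on every scan, which is exactly why the non-vulnerable case is downgraded rather than dropped.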
Support is divided into multiple tiers, beginning with 24/7/365 no-cost service during the product's trial period. Paid support comes in three levels: platinum, gold and standard. All three include a virtual helpdesk and online troubleshooting information, software and signature updates, expert help with managing security incidents, and delivery of new agents as they become available. Platinum provides 24/7/365 live phone support; gold provides live telephone support from 9 a.m. to 6 p.m. (EST), seven days a week; and standard provides live telephone support from 9 a.m. to 6 p.m., Monday to Friday. In addition, BlackStratus provides a product knowledge base and a FAQ on the company's website. The cost of each option is a percentage of the list price: standard 20 percent, gold 25 percent and platinum 30 percent. Overall, this product is properly priced and good value as an entry point into SIEM.