BlackStratus LOG Storm v126.96.36.199
April 01, 2014
$9,000, plus support.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy setup and general use, broad range of supported log sources.
- Weaknesses: Product is a little light on pre-packaged rules, and the interface needs an overhaul.
- Verdict: An excellent value.
LOG Storm from BlackStratus combines log management and correlation systems with real-time monitoring and an integrated incident response system all on one easy-to-deploy and use appliance. Given the time to do some rule creation and tuning, customers will be pleased with its capabilities.
Initial setup was straightforward. After unpacking and powering up the appliance, we connected a mouse and keyboard and logged into the console. There, we stepped through an ASCII wizard where we enabled log encryption, configured the networking and time information, and set up an administrator account. Once that was complete, we were able to access the product's web interface. From there, we could launch the actual Java-based console. We then pointed a few log sources toward the appliance, and added them as an asset within the console, selecting the manufacturer, product and version for each source so the appliance could apply the proper log parsing logic.
LOG Storm stores all raw logs and correlated records together on the device, giving convenient access to both data sets. For customers concerned about keeping all enterprise logs together in a single place, the product can write off the raw log files to a remote server via FTP or SFTP. Any log files exported this way can be reimported to the device if necessary for an investigation.
The device comes with 66 predefined rules. While we would have liked to see a few more, custom rules are easily created based on a handful of available templates, and the predefined rules that are there cover a lot of bases. Any incidents detected can easily be converted into cases with a built-in workflow covering analysis, mitigation, investigation and remediation. A number of report templates are available as well, covering incidents, cases, assets and users, as well as trend and compliance reports covering the major compliance standards, like PCI, SOX and HIPAA. While the interface does appear a little outdated, it was easy to navigate.
The product came to us with two printed setup documents, a quick-start guide and an installation guide. Both were well written, easy to follow and had us up and running quickly. Those documents are also available on the BlackStratus web portal, along with some FAQ documents and specific guides for a number of product features and individualized manuals for adding logs from a number of common network devices and applications.
BlackStratus offers three support tiers. Its required standard support package includes 9 a.m. to 6 p.m. (EST) phone and email assistance, Monday through Friday, with a virtual help desk and troubleshooting services, software and signature updates and incident response assistance. The gold package extends service hours to seven days a week, and platinum provides 24/7 support. Help is also available on the website via use of an online ticketing system.
BlackStratus LOG Storm is priced starting at $9,000, which includes the first year of standard maintenance and support. After the first year, the standard support option will cost 20 percent of the list price, the gold option 25 percent, and the premium option 30 percent.
Sign up to our newsletters
SC Magazine Articles
- Study: Open Source Software use increasing in enterprises but without vulnerability monitoring
- RSA Conference 2015: Prepare for the IoT before it's too late, Sorebo warns
- 'Aaron's Law' returns to Congress
- RSA 2015: Tension continues to grow between govt, cryptographers
- CozyDuke APT group believed to have targeted White House and State Department
- Study: Conficker declared top threat of 2014, but N. America targeted mainly by AnglerEK
- RSA 2015: Straight talk about encryption, bulk surveillance and IoT
- RSA 2015: In the healthcare industry, security must innovate with business
- RSA 2015: Unintended use of aircraft systems next challenge for counterterrorism community
- RSA 2015: Bug hunting and responsible vulnerability disclosure