Bayshore Networks SingleKey
Strengths: Solid heuristic functions and features.
Weaknesses: Documentation could be more detailed. Expensive.
Verdict: This is not at the top of the price range, but it is a bit pricey. There is lots of very strong functionality, though.
SingleKey from Bayshore Networks is a full-featured application firewall that provides solid protection for enterprise applications against malicious attacks. This product defends a vast number of application types and protocols, including HTTP/HTTPS, non-web internal protocols, databases, email, lightweight directory access protocol (LDAP), user datagram protocol (UDP) and FTP, as well as quite a few SCADA protocols.
SingleKey is provided as a highly configurable hardware- or software-based appliance, which we found to be quite easy to use. The initial setup of the appliance consists of connecting it to the network and browsing to the default IP address using a web browser on a network machine. Once at the web-based management console screen, we were able to log in using the default credentials for the administrative user. After logging in, we noticed that this product comes as a complete blank slate and there is a lot of configuration to be done. All configuration is done manually without the help of wizards or templates.
With that said, this solution has a lot to offer in the way of configurability. We found the management interface to be easy and intuitive to navigate and we were setting up policies for applications within minutes of turning the appliance on. On top of a solid policy engine, this tool also includes some excellent built-in heuristic capabilities. SingleKey can automatically create a baseline of behavioral patterns of an application that is being monitored. This analysis is then stored in a backend database to be used to detect behavioral anomalies in real time, which can indicate that an application is under attack. Aside from baselining heuristics, this product also features a heuristic learning mode. Using this, administrators can automatically define internal policy rules to match the characteristics of the applications being protected with specific granularity.
Documentation included setup, installation and user guides. The installation guide covers installation of the software-based appliance with clear step-by-step instructions and screenshots of the deployment steps. The user guide, on the other hand, is not as detailed. It basically provides an overview of the various screens and menus of the administration console with a few examples, but there are no configuration instructions and no context for the examples provided. We would have liked to see a lot more detail on how to configure policy and manage the appliance.
Bayshore Networks offers support through annual maintenance plans. Customers can purchase standard business-hour support or gold-level 24/7 support at $6,500 and $8,125, respectively. These offerings include both phone- and email-based technical aid, as well as access to an online customer support portal. The portal gives customers access to a support wiki, as well as other helpful information.
At a price starting at around $32,000 for the hardware appliance, this tool is a pricey investment. However, we find it to be a reasonable value for the money based on its overall combination of highly configurable policy options and heuristics-based learning and baselining features. It is designed for a large environment that includes sensitive applications that need solid proactive protection from threats and malicious attacks.