StormShield is designed to enhance endpoint security through user control, system level security, data protection and network connectivity. The components include device control, data encryption, application control, host-based intrusion prevention system (HIPS), firewall, wireless security, anti-virus/spyware, network device control and network access control (NAC). The SkyRecon-built security modules are fully integrated into a single client to ensure continuous zero-day protection and data leakage prevention without relying solely on signatures, reputation or rule updates.
The installation consisted of loading the automated install package onto our test Windows 2003 server. The process took us through the software load of the server, the database setup and the console setup. The install loaded a copy of MS SQL Server 2005 Express. There was support for pointing the application to an existing MS SQL environment. The deployment and configuration process was straightforward. We were up and running in about a half hour. There were options for deploying slave servers for a fully redundant and fault-tolerant environment. We tested in a single server environment.
StormShield uses a layered combination of enforceable policies, behavior- and signature-based protections. The rule protection works much like a firewall and allows the configuration of network and application device resource rules. There are templates available to use or users can create their own. The signature-based protections deliver intrusion detection system (IDS) and anti-virus-like capabilities. These are not highly configurable other than adjusting how the management console reacts to various level threats. The behavior-based protections looks much like host-based intrusion prevention. That is, they learn the profile of how applications behave and a profile is built off that behavior.
The console is launched through the server application. The user interface looks similar to a Windows tool with treed navigation and information panes on the right. Admins do need to rely on the documentation to configure as there is some complexity in navigating the menus.
The application control and host-based intrusion protection were done well. The encryption protection was granular and is available by user, whole disk, specific files or folders or for removable media. Control of devices, ports and network resources were all available. There were a handful of high-level reports available for server and workstation reporting. Also, there were a good amount of graphs available summarizing top five-style overviews for server and agent statistics. The logs were exportable to multiple formats. One can configure end-user alerting for various policy violations, but we didn't see any automated event alerting for the IT and security teams.
The documentation for Arkoon Network Security StormShield v6.x is not as solid as we would have liked. The standard support maintenance is 24/7. The current support and maintenance fee is 18 percent of the list price.
This solution has all the pieces and is well integrated. It is at the top of the pricing scale for the solutions we evaluated.