The tool is an anomaly detection system that looks out for suspicious activity by computer users. It offers an intelligent authentication mechanism that looks for a user who exhibits suspicious behavior. It detects suspicious activity on the network by monitoring the remote hosts and ports that users access. Shalom also detects user anomalies with respect to hardware-specific variables, such as processor architecture, processor level, processor mask, OEM I.D., minimum/maximum application address and memory page size.
Once identified as suspicious, a user is reported to the central console and then presented with a set of challenge questions to validate their identity. If the challenge questions are answered correctly, the installed agent will allow the user to continue to reside on the network. If the challenge questions are answered incorrectly, the user is logged off the network.
Management and monitoring are provided as a cloud solution. An agent is loaded on the individual hosts. Automated deployment options are available for attended or unattended agent installation. The agent is required to communicate with the hosted servers. This communication appeared to work well without noticeable latency.
We found the reporting to be somewhat lacking compared to the other solutions we reviewed. Email alerting on events is supported and was easy to configure.
This offering can provide an additional level of user identity management. We liked the concept and, properly managed, it can provide an additional level of protection. As with all anomaly detection systems, it has to rely on a good baseline of "normal" behavior.