After Configuration, StormShield Impresses

By Matthew Sarrel  |  Posted 2008-11-03

However, once I got past this monster hurdle, StormShield really impressed me. It is almost infinitely extensible because it can test for multiple conditions and then apply sophisticated remediation techniques. For example, I configured a security policy to enforce rules such as "if a Word document is being copied from a local or network volume to removable media, then it must be encrypted; prompt the user to encrypt the removable media or abort the operation" and "if the laptop is connected to the internal LAN at 2 AM and CPU utilization is less than 3 percent, then launch a batch file that performs routine system maintenance."

The ability to develop and enforce a security policy this detailed is unrivaled on the endpoint protection market today. Management Console is almost a specialized object-oriented development environment in which individual settings are checked out, modified, checked back in, and then deployed. This matters in large organizations, where multiple security administrators might be actively working in the same console at once.

The Panda anti-malware software worked like a charm. One of my test machines was absolutely riddled with malware, including Common Name, a Trojan downloader, two keyloggers, and two viruses. After deploying the StormShield agent with anti-virus policies in place, I walked away for a few hours (to celebrate a successful installation!) and returned to find that the machine had been automatically scanned and cleaned of all threats. All activities were logged and threats were quarantined with no user intervention at all.

In the Management Console, the first thing to do is configure the console itself: under Options, Layout, set it to save, or you will lose an awful lot of settings every time you restart. In the Environment Manager window, establish Global settings and policies, then create an environment to manage your organization, and within that environment create "masters" to manage specific StormShield Servers, branch offices, departments, or user groups.

All of the usual suspects are there and relatively easy to set up in the Security Policy Editor, which is broken out into Network Firewall, Application Rules, Extension Rules, Trusted Rules, Wi-Fi Access Points, and Removable Devices. I was able to enable or disable the use of specific removable devices, block the use of Bluetooth, and allow or disallow using a CD burner. The Wi-Fi policy is an important differentiator and an area where StormShield excels: specific networks can be allowed or blocked, authentication type and encryption levels can be enforced, and under Environment, Configuration, I was able to allow or prevent temporary Web access for a specific number of minutes at Wi-Fi hotspots. Combining these settings with the security policy tools, I was able to set up the rule "if connected to an open Wi-Fi network, then allow temporary Web access for five minutes, at which point the user can disconnect or launch the VPN."
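The condition-then-remediation style of rule described above (a Word document headed for removable media must be encrypted, an idle LAN-connected laptop at 2 AM gets a maintenance job, an open Wi-Fi connection gets five minutes of Web access) can be modelled as a small rule engine. The following is an added example written for this article, not StormShield's own policy language or API: the rule structure, event attribute names (`kind`, `destination_encrypted`, `cpu_percent`, and so on) and action names are all assumptions chosen to make the evaluation logic readable and testable.

```python
"""Illustrative model of condition-and-remediation endpoint policy rules.

Added example, not StormShield's policy syntax: every rule is a list of
conditions that must all hold, plus the remediation to apply when they do.
An event that matches no rule falls through to a default "allow".
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

Event = Dict[str, object]  # attributes of one observed endpoint event


@dataclass
class Rule:
    name: str
    conditions: List[Callable[[Event], bool]]  # all-of semantics
    action: str                                # remediation to apply

    def matches(self, event: Event) -> bool:
        return all(cond(event) for cond in self.conditions)


def evaluate(rules: List[Rule], event: Event) -> List[str]:
    """Return the actions of every rule whose conditions all hold.
    A non-matching event yields the default decision ["allow"]."""
    actions = [rule.action for rule in rules if rule.matches(event)]
    return actions or ["allow"]


# Hypothetical rules paraphrasing the three examples in the review.
RULES = [
    Rule(
        "Word document copied to unencrypted removable media",
        [
            lambda e: e.get("kind") == "file_copy",
            lambda e: str(e.get("path", "")).lower().endswith((".doc", ".docx")),
            lambda e: e.get("source") in ("local", "network"),
            lambda e: e.get("destination") == "removable",
            lambda e: not e.get("destination_encrypted", False),
        ],
        "prompt_encrypt_or_abort",
    ),
    Rule(
        "idle laptop on the internal LAN at 2 AM",
        [
            lambda e: e.get("kind") == "heartbeat",
            lambda e: e.get("network") == "internal_lan",
            lambda e: e.get("hour") == 2,
            lambda e: float(e.get("cpu_percent", 100.0)) < 3.0,
        ],
        "run_maintenance_batch",
    ),
    Rule(
        "connected to an open Wi-Fi network",
        [
            lambda e: e.get("kind") == "network_connect",
            lambda e: e.get("network") == "wifi",
            lambda e: e.get("encryption") == "open",
        ],
        "allow_web_for_5_minutes",
    ),
]

# Constructed sample events (not captured from any real agent).
SAMPLE_EVENTS = {
    "docx_to_plain_usb": {"kind": "file_copy", "path": "C:\\docs\\plan.docx",
                          "source": "local", "destination": "removable",
                          "destination_encrypted": False},
    "docx_to_encrypted_usb": {"kind": "file_copy", "path": "\\\\srv\\share\\plan.DOC",
                              "source": "network", "destination": "removable",
                              "destination_encrypted": True},
    "idle_at_2am": {"kind": "heartbeat", "network": "internal_lan",
                    "hour": 2, "cpu_percent": 1.5},
    "busy_at_2am": {"kind": "heartbeat", "network": "internal_lan",
                    "hour": 2, "cpu_percent": 47.0},
    "open_hotspot": {"kind": "network_connect", "network": "wifi",
                     "encryption": "open"},
    "wpa2_office_wifi": {"kind": "network_connect", "network": "wifi",
                         "encryption": "wpa2"},
}


def evaluate_samples() -> Dict[str, List[str]]:
    """Run every constructed sample event through the rule set."""
    return {label: evaluate(RULES, event) for label, event in SAMPLE_EVENTS.items()}


if __name__ == "__main__":
    for label, actions in evaluate_samples().items():
        print(f"{label:22s} -> {', '.join(actions)}")
```

The encryption rule only fires when the destination is not already encrypted, so a user who complied the first time is not prompted again; the maintenance rule checks the CPU threshold as a number rather than a string so a malformed attribute cannot satisfy it by accident. Both are the kind of edge case that matters when a rule has a remediation attached rather than just a log line.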

Reports are adequate and provide what you'd expect: listings, either in real time or for a specific date, of security threats and status by agent, server, policy, network threat, or anti-virus. The high degree of customization found throughout the rest of the product is lacking in the reporting module, where very little can be adjusted. It is worth noting that complete customization is possible by running custom reports against the logs and databases from outside the Management Console. Logs can be distributed via e-mail or syslog at regular intervals. There is no mechanism for issuing security alerts via SMS or e-mail.

The bottom line? Unrivaled endpoint security policy management and enforcement, plus top-notch anti-malware, yet installation, configuration, overall GUI, and help/wizard/support shortcomings force me to urge caution.

Matthew D. Sarrel is executive director of Sarrel Group, an IT test lab, editorial services and consulting firm in New York City.

Matthew D. Sarrel, CISSP, is a network security, product development, and technical marketing consultant based in New York City. He is also a game reviewer and technical writer. To read his opinions on games please browse and for more general information on Matt, please see
