SkyRecon StormShield Security Is Worth the Work

Customization and complexity go hand-in-hand with SkyRecon's new StormShield endpoint protection solution. The product can be difficult to set up, but once rolling, SkyRecon's offering is an impressive security tool.

SkyRecon's StormShield endpoint protection solution is remarkably flexible when compared to other centrally managed endpoint protection solutions available today.

The easiest way to understand StormShield is that it provides all of the standard protections (software firewall, HIPS, removable storage management, device control, application control, wireless security, network access control, data encryption, and now anti-virus) in a fully scriptable and customizable manner.

Security administrators can develop complex rule sets where conditions are tested and then threat mitigation is automatically launched. For example, if a laptop is not on the corporate network and is instead connected to an open Wi-Fi hotspot, then an administrator can decide that only network traffic from whitelisted applications can be sent over a VPN tunnel, and he can block all other network traffic to and from the laptop.

The conditions can be more complex and so can the actions taken, even to the point where a series of batch files can be launched to perform multiple maintenance tasks.
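The condition-then-action model described above can be sketched as an ordered, first-match rule list with a fail-closed default. This is an added illustration in Python, not StormShield's own policy syntax or code from SkyRecon; the field names, the application names and the rule that lets the VPN client reach its gateway are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Context:            # endpoint state the conditions test (hypothetical fields)
    on_corp_network: bool
    wifi_encrypted: bool
    vpn_up: bool

@dataclass(frozen=True)
class Flow:               # one outbound connection attempt
    app: str
    interface: str        # "vpn" or "physical"

WHITELIST = {"outlook.exe", "vpnclient.exe"}   # constructed sample values

def on_open_hotspot(ctx):
    return not ctx.on_corp_network and not ctx.wifi_encrypted

# Ordered (condition, action) pairs; the first matching condition decides.
RULES = [
    # Assumption: the VPN client itself must reach its gateway over the physical link.
    (lambda c, f: on_open_hotspot(c) and f.app == "vpnclient.exe"
                  and f.interface == "physical", "allow"),
    # Whitelisted applications may talk, but only inside an established tunnel.
    (lambda c, f: on_open_hotspot(c) and f.app in WHITELIST
                  and f.interface == "vpn" and c.vpn_up, "allow"),
    # Everything else on an open hotspot is dropped.
    (lambda c, f: on_open_hotspot(c), "block"),
    # On the corporate network this sample policy imposes no restriction.
    (lambda c, f: c.on_corp_network, "allow"),
]

def decide(ctx, flow):
    for condition, action in RULES:
        if condition(ctx, flow):
            return action
    return "block"        # no rule matched: fail closed

if __name__ == "__main__":
    hotspot = Context(on_corp_network=False, wifi_encrypted=False, vpn_up=True)
    for f in (Flow("outlook.exe", "vpn"), Flow("outlook.exe", "physical"),
              Flow("game.exe", "vpn")):
        print(f, decide(hotspot, f))
```

Rule order matters: moving the blanket hotspot block above the two allow rules would silently cut off the tunnel, which is the kind of mistake a first-match policy makes easy.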

StormShield has provided this functionality for several years. A recent licensing deal with Panda now rounds out the policy-driven offering by adding effective antivirus and anti-spyware features that can be deployed and managed from a single management console. This final piece launches SkyRecon into head-on competition with the likes of Symantec, McAfee, Trend Micro and eEye Digital Security.

eWEEK Labs Walk-through: SkyRecon StormShield 5.1.00 beta 2

I tested SkyRecon StormShield 5.1.00 beta 2 using Windows Server 2003 Enterprise Edition to host the StormShield Server, Management Console and SQL Server database. These can be deployed on different servers throughout an organization for better scalability. I also used a series of Windows XP Pro workstations ranging from unpatched to SP3 to test client agents. Management Console can manage multiple StormShield Servers and policy can be pushed down through the organization from primary StormShield Servers to secondary StormShield Servers. Administrative capabilities can be fully delegated and can include or exclude different administrative functions so that, for example, certain administrators can control every setting and action while others can only run reports.

SkyRecon officials say the average StormShield Server can accommodate up to 5,000 users, and there are customer deployments with as many as 90,000 seats.

I found StormShield to be one of the most difficult security software products to install, configure and deploy that I have ever used, and I have used hundreds, if not thousands, of similar products. Even following a detailed walkthrough that the company provided, I still had to spend four to six hours over two days working directly with a sales engineer before I could develop a single policy and deploy to a single workstation. Apparently the price of total customization is having to navigate hundreds of poorly worded (and neither described nor automated) settings.

Admittedly, I was working with a recently released major upgrade, so I'm willing to provide some leeway in terms of user experience. This is, without a doubt, a product that no security administrator will be able to configure and deploy without first fully reading the manual. The version that I tested had no help at all (those of you who think that Symantec EPP 11 is too complex can now do a reality check and feel lucky that you at least have context-sensitive help). What made matters worse is that SkyRecon had a grand total of four articles in its support knowledge base. The official support policy, according to SkyRecon, is that support is provided solely through solutions providers.