
    StormWatch Stops Attacks

    Written by

    Timothy Dyck
    Published October 7, 2002

      Okena Inc.'s StormWatch 3.0 ups the ante in the security-hardening tool space with its ease of use and large set of pre-built security lock-down rules. Administrators who want to go beyond the usual patches-plus-firewalls combination will find StormWatch a big step forward.

      This release adds Solaris support to StormWatch's existing Windows NT and Windows 2000 support on the server agent, although Windows XP and Linux still aren't supported. (Version 3.1, which began shipping at the end of last month, adds XP client support.) The desktop client supports Windows NT and Windows 2000. We tested the product on Windows 2000 Server and Windows 2000 Professional systems.

      The server agent costs a competitive $1,800 per system, and the desktop agent costs $85 per system—quite a low price for the security protection provided. The required Web-based management console costs $4,995.

      As a kernel-level security add-in for Windows and Solaris, StormWatch 3.0, which shipped in August, has a great deal in common with Entercept Security Technologies Inc.'s Entercept 2.5, an eWeek Labs Analyst's Choice award winner that was reviewed in our Aug. 12 issue (see the review at www.eweek.com/links). These two packages are the leaders in this space for their overall functionality and manageability.

      Both products let administrators apply trusted-operating-system-style security controls to prevent system penetration, including blocking buffer overflow attacks and enforcing mandatory access controls. We could not bypass these measures with either of the packages, even when logged in with administrator-level access.

      However, each implementation has strengths where the other has weaknesses. Given its combination of features, we think Entercept is still the best choice for protecting Web servers, but the ease with which StormWatch let us create new rules, plus its more extensive set of packaged rules, makes it a better choice than Entercept for other types of server applications and for desktop systems.

      We criticized Entercept 2.5 in our review for not allowing us to create our own security rules and its lack of packaged sets of exceptions for common third-party applications. StormWatch, in contrast, makes it easy to add new rules and comes with packaged rule sets for a decent number of common server and desktop applications—nine for Solaris and 16 for Windows, including ones for Microsoft Office, Microsoft SQL Server and various instant messaging clients.

      StormWatch also has built-in network traffic filtering features, so it can act as a firewall (a big advantage over Entercept). And it supports desktop Windows installations in addition to Windows and Solaris servers, making it the first trusted operating system product we've seen to even try to address the desktop market. Definitely investigate this product for security-sensitive laptops.

      StormWatch's management tools are well-organized and clear and provide good reporting. We especially liked its detailed audit trail tracking, which shows who performed each administrative change and when changes occurred.

      StormWatch isn't as flexible in creating exceptions to rules (such as for administrator access). It lacks Entercept's ability to allow exceptions to its rules on the basis of three important factors: process name, host name and logged-in user. StormWatch makes exceptions based only on process name, along with some built-in general categories based on general application characteristics, such as type of network traffic sent or received. For example, when we blocked all access to a particular file and enabled access only through one particular executable, we couldn't also restrict access to a particular user.

      StormWatch also lacks Entercept's HTTP traffic filtering and rewriting features, a valuable part of a defense-in-depth strategy, as well as Entercept's ability to identify attacks by name because it doesn't use signatures in any way. Of course, the ability to stop attacks is far more important than naming them, but knowing what attacks are present and their frequency is still valuable intelligence for security staff.

      West Coast Technical Director Timothy Dyck can be reached at [email protected].

      Executive Summary: StormWatch 3.0

      Usability: Excellent
      Capability: Good
      Performance: Good
      Interoperability: Good
      Manageability: Good
      Scalability: Good
      Security: Excellent

      Okena's StormWatch upgrade provides kernel-level security protection for Windows- or Solaris-based servers and applications. This is definitely a product for administrators to investigate when they want to lock down custom applications exposed to the outside world or protect security-sensitive Windows desktops.

      COST ANALYSIS

      StormWatch is competitively priced on the server and, at $85 per machine on the desktop, quite a bit less expensive for workstations than we expected, considering its power. Although administrative complexity for kernel-level security products is high compared with other security products, kernel-level products prevent attacks that nothing else can block.

      (+) Kernel-level mandatory access security controls; easy-to-use security policy creation tools, plus a set of pre-built rules and security definitions; built-in firewall features; can be deployed to both servers and desktops.

      (-) Doesn't allow security exceptions to be created for particular users; lacks HTTP filtering features; cannot identify attacks by name; doesn't work on Linux.

      EVALUATION SHORT LIST

      • Entercept Security Technologies' Entercept 2.5
      • WatchGuard Technologies Inc.'s WatchGuard ServerLock
      • Argus Systems Group Inc.'s PitBull
      • www.okena.com/areas/products/products_stormwatch.html
      Timothy Dyck
      Timothy Dyck is a Senior Analyst with eWEEK Labs. He has been testing and reviewing application server, database and middleware products and technologies for eWEEK since 1996. Prior to joining eWEEK, he worked at the LAN and WAN network operations center for a large telecommunications firm, in operating systems and development tools technical marketing for a large software company and in the IT department at a government agency. He has an honors bachelor's degree of mathematics in computer science from the University of Waterloo in Waterloo, Ontario, Canada, and a master's of arts degree in journalism from the University of Western Ontario in London, Ontario, Canada.
