I’ve recently started writing for eWeek and one of my first reviews is going to be about an endpoint security product, SkyRecon StormShield. It’s been an interesting test. I’ve reviewed just about every endpoint protection product on the market and SkyRecon has, so far, been pretty good. Or rather, it’s been excellent at some things and horrible at others.
Endpoint protection typically contains some kind of client antimalware protection, firewall, and intrusion prevention, the components you would expect in what the consumer market calls a security suite. It’s that plus centralized management, which is a requirement for a business environment.
What makes SkyRecon really interesting is that they bring an unprecedented amount of customization into play. There is literally nothing that you can’t do from a security point of view. You can create policy based on rules and do different things when different conditions are met. For example, you can have one set of security rules for a laptop connected to the work wireless network and a stricter set for when it is connected to an open WiFi hotspot. The rules can even be much more complex than that. You might be able to do something like track the number of login attempts on a laptop. After five failed attempts, assume that it has been stolen, encrypt the whole hard drive and disable all network traffic and removable media.
While that stuff is all very cool, I have not had such smooth going with the installation and deployment process. I have to throw up a flag of caution. I sort of think that it is more like Linux in the early days than it is like the other more mature endpoint security solutions on the market today. Remember those days? When just getting Linux installed required script customization and building a custom kernel? It was great because you got exactly what you wanted, albeit after a full day of expertise-specific manual labor. That’s sort of how StormShield is right now. Fantastic product, but you have to seriously roll up your sleeves to get it going.
It’s back to testing for me. I’ll leave you with the most important point of all. Whether you like SkyRecon’s thoroughly tweakable approach or prefer a more generic and easier-to-deploy solution, you have got to be running endpoint protection on your workstations. There are no ifs, ands, or buts about it. The Internet is a dangerous place. Let’s stay safe out there.