There are two parts to the product: The server components (including the relational database and server) and the various agents that run on each endpoint. Among other things, the agent contains a host-based firewall and policy engine that can be customized to control applications and particular endpoint device features such as USB peripherals and registry entries. We tested version 4.801 on a simple network in July 2008.
Unlike anti-virus software, it doesn’t rely on signatures but on behavioral patterns of malware and exploits, to block them. It replaces the weak Windows personal firewall with a powerful host IPS engine and applications control features.
SkyRecon Systems Inc., 1440 Broadway, 23rd floor, New York, NY 10018
Tel: (877) 239 3057 | Fax: (646) 512 5167 | www.skyrecon.com
Product category: Endpoint security software
Pricing: $39-$132 per seat, depending on quantity and features purchased.
Information: http://skyrecon.com/stormshield
Summary: Application control and host IPS make for some powerful endpoint security features.
Pros:
• Variety of ways to lockdown particular endpoint components
• Runs in Windows kernel so can be used to block keyloggers without the need for signatures
Cons:
• Windows XP and 2000/SP4 only, somewhat cumbersome policy creation process
• Somewhat verbose logging can be difficult to parse