Securing your borders is the first step in preventing outsider attacks, but in many cases, security professionals are so focused on that task that an even bigger threat goes unaddressed: the insider threat.
Insider threats are perpetrated by once-trusted individuals belonging to the enterprise network, so naturally, the larger the enterprise, the larger the threat.
Austin, Texas-based Nowell has rolled out SpyForce-AI ($199.99 MSRP per seat), which is geared toward containing and preventing the ever-growing insider threat.
SpyForce-AI's security utilities focus on anomalous user behavior to identify when things look like they might be going awry.
The product's claim to fame comes from the inclusion of an Artificial Intelligence (AI) engine that adapts to user behavior and learns the acceptable process for a user's interaction with corporate information. Over time, the AI engine builds a better understanding of data flow and becomes even more accurate at identifying anomalies.
The product not only detects suspicious insiders and locks out intruders, it also enforces compliance measures outlined by FISMA, NIST 800-53, SOX, GLBA, HIPAA and VISA CISP.
SpyForce-AI is classified as a host-based anomaly detection/authentication product and comes as software designed to run as a client/server application. Administrators will install the server portion of the product on a dedicated Red Hat Linux server and then push the client portion out to the various corporate workstations. The server side of the product consists of two applications, Cyclone and Jenius. Cyclone is responsible for storing and organizing all of the user data in a secure database, while Jenius acts as the AI engine.
After the server-side installation is completed, agents must be installed on each of the workstations to ensure security. The agents are responsible for secure communications between the user and the Cyclone/Jenius server combo and must monitor activity and pass normalization data on to the server.
Sites with multiple domains will need to configure multiple copies of Cyclone and Jenius, as each domain gets its own server software. This helps to isolate business units from each other and could possibly fuel a managed service deployment from a hosted offering.
Installation of the server-side components requires knowledge of Linux and can be complicated for technicians who are new to Red Hat operating systems. A better solution would be for Nowell to bundle in a hardened version of Linux with a quick-install option. That would allow solution providers to take an appliance route to deliver Nowell's product.
Server installation issues aside, working with SpyForce-AI is straightforward. The product offers a graphical user interface (GUI) for managing and monitoring the product. The security GUI must be installed on a Windows workstation and is the primary method for setting up and fine-tuning the product.
The security tool proves to be robust and intuitive, but solution providers would benefit from a browser-based application that allows off-site management and would be a better fit for those seeking to offer security management services. To overcome that shortcoming, VARs can implement a remote-control package to access the management system.
The product offers several options for protecting client PCs and corporate information. Administrators can choose various lockout schemes or place the system in a monitor-and-report-only mode.

