Immune System Protects Networks

Sana Security designed its Primary Response 2.2 solution around the same principle. Primary Response adapts to the environment in which it is running by learning an application's normal behavior and constructing a profile based on what it has learned. Primary Response then identifies deviations from normal files and code paths and blocks malicious attempts to infect or access an operating system. The product is designed to protect both off-the-shelf and custom enterprise servers from worms and hackers. It supports Microsoft Exchange, Windows 2003, 2000 and NT4, as well as 64-bit and 32-bit Solaris 8.

Savvy security solution providers can take advantage of the product's broad compatibility and reap the benefits of the company's high margins and thorough channel program. Margins range from 35 percent to 40 percent based upon partner level. There are three partner levels: diplomat, authorized and referral. Partners qualify based on a number of factors, including company size, scope, additional partnerships, revenue commitment and willingness to co-market with Sana.

The benefits of the channel program are many. Partners in the top-level diplomat tier receive priority sales leads; an assigned territory manager; sales, marketing and technical tools and materials; product demonstration units; early availability software; joint marketing plans; trade show support; a partner newsletter; and access to a dedicated partner Web site. Authorized partners are entitled to lead sharing; an assigned territory manager; sales, marketing and technical tools; trade show support; joint marketing plans; a partner newsletter; training and support. Partners at this level are not eligible to receive early availability software or priority leads.

Referral partners are offered an assigned territory manager; sales training and support; technical training and support; a partner newsletter; and product demonstrations.

id
unit-1659132512259
type
Sponsored post

The company requires all its partners to have a skilled security sales and engineering team, with the agreement to train their sales and engineering staff and keep training current. The top two partner levels must also meet sales forecasts, attend quarterly status meetings, maintain a specific number of co-marketing arrangements with Sana and agree to Sana's contractual terms. Referral partners do not have to meet these requirements.

Sana Primary Response's approach to the use of traditional signatures is unique in that it does not use them to identify potential threats.

From a signature perspective, relying on descriptions of well-known attacks that have already taken place is like looking in a rear-view mirror. This approach is more reactive than proactive and can leave a business open to new attacks and vulnerabilities. Instead, Sana's software relies on well-defined code programs. The software learns all of a Web server's code paths to detect any deviations, automatically notifies an administrator and blocks the execution of abnormal or malicious code.

Primary Response can also lock down any files being accessed during a threat to prevent malicious acts from spreading. The tool learns the normal behavior of an application, rather than the abnormal patterns of an attack. The software also recognizes normal memory usage and allocation within a product and can automatically respond to usage outside of the norm. One caveat CRN Test Center engineers found is that in order for Primary Response's learning process to work efficiently, the software requires an active, busy system environment. In a system with minimal traffic, there isn't enough normal activity to properly compare against any abnormal events that may occur. Therefore, solution providers should focus sales efforts on businesses large enough to maintain a relatively high level of network traffic. While the solution could be effective in some midsize businesses, Primary Response is geared toward larger enterprises.

The Primary Response solution is centrally managed and controlled. The product's high-level architecture is made up of several agents spread out across the enterprise network. All of these agents are controlled through a central management server, allowing administrators to control the agents individually or in groups.

Since system performance is a crucial issue for administrators deploying these agents, the agents are designed to use less than 5 percent CPU usage. They blend seamlessly into a network environment without disrupting normal work or traffic flow. The ability to fit in and adapt to both custom and off-the-shelf applications is key for VARs selling to customers with a wide range of systems and platforms.

Agents must be purchased separately from the software, but volume discounts are available. The initial cost for the management server software is $6,500, and each agent costs $1,750. An optional maintenance and support agreement is also available. The yearly contract offers varying levels of support. Regular support is offered during normal business hours, Monday through Friday. Premium support is pricier, but offers help 24x7. Primary Response is warrantied for up to 90 days from issuance of the license key and no longer than 120 days from the receipt of software.

The software's GUI is easy to navigate and provides extensive information in both graph and log form. Primary Response tracks incoming attacks and their origin, and also logs the most frequently attacked applications. This feature can be helpful for administrators as they assess a network's weaknesses and vulnerabilities.

The software offers a full complement of high-level reporting and integration with Oracle databases and Seagate Software's Crystal Reports tool, and can provide management with instant access to system alerts, event reporting and notification.

Sana Security's Primary Response 2.2 offers customers and administrators a proactive approach to network security and also offers solution providers the opportunity to provide an intuitive solution backed up by rich channel support, with the potential for increasing revenue and profit margins.

CHANNEL PROGRAM SNAPSHOTS
>PRIMARY RESPONSE 2.2

COMPANY: Sana Security
San Mateo, Calif.
(650) 292-7100
www.sanasecurity.com
DISTRIBUTORS: ACR, ATT Government Services, Cadre Information Security, Fishnet Security, Northrop Grumman, SAIC
TECH RATING:


CHANNEL RATING:

Note: Vendors can earn up to five stars for technical merit and five for their channel program. If the average of these two scores is four stars or greater, the product earns CRN Test Center Recommended status.