Securing Corporate Data From The Inside Out With SpyForce-A1

Insider threats are perpetuated by once-trusted individuals belonging to the enterprise network, so naturally, the larger the enterprise, the larger the threat.

Austin, Texas-based Nowell has rolled out SpyForce-AI ($199.99 MSRP per seat), which is geared toward containing and preventing the ever-growing insider threat.

SpyForce-AI's security utilities focus on anomalous user behavior to identify when things look like they might be going awry.

The product's claim to fame comes from the inclusion of an Artificial Intelligence (AI) engine that adapts to user behavior and learns the acceptable process for a user's interaction with corporate information. Over time, the AI engine builds a better understanding of data flow and becomes even more accurate at identifying anomalies.

The product not only detects suspicious insiders and locks out intruders, it also enforces compliance measures outlined by FISMA, NIST 800-53, SOX, GLBA, HIPAA and VISA CISP.

SpyForce-AI is classified as a host-based anomaly detection/authentication product and comes as software designed to run as a client/server application. Administrators will install the server portion of the product on a dedicated Red Hat Linux server and then push the client portion out to the various corporate workstations. The server side of the product consists of two applications, Cyclone and Jenius. Cyclone is responsible for storing and organizing all of the user data in a secure database, while Jenius acts as the AI engine.

After the server-side installation is completed, agents must be installed on each of the workstations to ensure security. The agents are responsible for secure communications between the user and the Cyclone/Jenius server combo and must monitor activity and pass normalization data onto the server.

Sites with multiple domains will need to configure multiple copies of Cyclone and Jenius, as each domain gets its own server software. This helps to isolate business units from each other and could possibly fuel a managed service deployment from a hosted offering.

Installation of the server-side components requires knowledge of Linux and can be complicated for technicians who are new to Red Hat operating systems. A better solution would be for Nowell to bundle in a hardened version of Linux with a quick-install option. That would allow solution providers to take an appliance route to deliver Nowell's product.

Server installation issues aside, working with SpyForce-AI is straightforward. The product offers a graphical user interface (GUI) for managing and monitoring the product. The security GUI must be installed on a Windows workstation and is the primary method for setting up and fine-tuning the product.

The security tool proves to be robust and intuitive, but solution providers would benefit from a browser-based application that allows off-site management and will be a better fit for those seeking to offer security management services. To overcome that shortcoming, VARs can implement a remote-control package to access the management system.

The product offers several options for protecting client PCs and corporate information. Administrators can choose various lockout schemes or place the system in a monitor-and-report-only mode. The second part of the puzzle comes in the form of the SpyForce-AI agent, which must be installed on each corporate PC. Regrettably, Nowell does not offer an automated deployment tool, which forces administrators to manually install the agent on each workstation or to create a script to automate the process. Scripting automatic installs can be a hit-or-miss process, and administrators may want to turn to an application deployment product to push out the client software.

In practice, the client portion of the software works quite well. Upon first use, a user is interrogated (perhaps "interviewed" would be a better description) by the client software. The interrogation process builds a profile for the user and determines the norms of their usage. Several aspects of the user's profile can be stored, ranging from applications accessed to login styles. The data gathered is used for both initial user validation and anomaly detection.

While the product strives to automate much of the access process, administrators still will want to refer to activity data. The product includes a reporting engine, which can gather several elements from the product's logs. The reports prove to be somewhat cryptic, but all of the needed information is there. The reporting process can be greatly enhanced by leveraging a third-party reporting product, such as Crystal Reports, or at the very least, bringing log information into a spreadsheet for manipulation and graphing capabilities. While the reporting comes across as a shortcoming, solution providers can offer an analysis service to derive more revenue and provide concise reports to their customers.

Although SpyForce-AI has a less-than-polished feel, the product does accomplish its primary goal—containing the insider threat. Also, those driven by compliance needs will find both the security capabilities and reporting information key elements to building compliant information services—that alone may be worth the price of entry.

For a company new to the channel, Nowell offers a surprisingly robust channel program.

Partners are categorized into two tiers based upon sales revenue goals. The small/midsize-business level calls for revenue of less than $100,000 per year, while the enterprise level has a goal of more than $100,000 a year. Margins range from 10 percent to 20 percent and are based on contractual agreements between the partner and Nowell.

Partners also can build revenue from margins generated by annual maintenance support contracts, which are on average 25 percent of the initial end-user contract per year.

Personalized training is available for $1,500 per person, per course. Additional charges may apply for factors related to logistics and travel. The company also offers Web-based training.

Additional revenue opportunities are available to partners that exceed sales projections. Nowell will offer "Great Team" awards to honor their achievements and will consider improving their commission rates as an incentive to encourage continued success.

Partners also have access to unlimited, dedicated support as well as demo products. The company provides free listings on its Web site to promote leads.