The common problem with application firewalls is the complex dependencies of system objects and applications; a seemingly
benign change to an application policy can wreak havoc if the change was not fully researched. To help alleviate this problem,
StormWatch has a Test Mode that can be applied to a workstation or server to test policies without enforcement, simply reporting what
would or would not have been permitted by the applied policies.

Okena StormWatch 3.2
Okena, okena.com/
Deploy 8.3

| Criteria | Score |
| --- | --- |
| Ease-of-use | 7 |
| Implementation | 9 |
| Innovation | 9 |
| Interoperability | 7 |
| Scalability | 9 |
| Security | 10 |
| Suitability | 8 |
| Support | 8 |
| Training | 7 |
| Value | 9 |

Business Case: Okena's StormWatch provides a significant measure of protection to both servers and workstations in the network, reducing the likelihood of a successful security breach by crackers or Internet worms.
Technology Case: StormWatch delivers network and application firewalling, user-authentication auditing, and event reporting with centrally controlled agents installed on each server and workstation.
Pros: + Proactive server and desktop intrusion protection + Secured agent/management communications + Completely modular configuration layout
Cons: - Supports only Windows and Solaris 2.8 - Fairly steep learning curve
Cost: Management Server, $1,495; Server Agent, $1,800; Desktop Agent, $85
Platforms: Windows NT, 2000, XP; Solaris 2.8
Bottom Line: Okena's intrusion prevention system provides a significant measure of protection to servers and workstations in the network through network and application firewalling, user-authentication auditing, and event reporting using centrally controlled agents installed on each computer.
Perhaps the most useful tool for configuring StormWatch is StormFront, a $9,995 plug-in for the StormWatch Management Server. StormFront is designed to do the heavy lifting required to implement proper application firewalling. It observes an application during normal use and creates policies to permit that application to run unhindered while the system is locked down. This feature is extremely important to the overall viability of application firewalling, given the major time investment required to manually document the hooks in any given application and write the requisite policies.
In the know
The other side of IPS is in the reporting. Reports of intrusion attempts can be very large and contain mountains of irrelevant data that obscure real data on real attacks. StormWatch attempts to combat this problem by providing an event correlation engine that combs through the data logged from the server and workstation agents, and helps determine if an attack actually took place on the basis of events seen within a configurable timeframe. When we used Nessus to simultaneously scan all our machines running the StormWatch agents, StormWatch's event correlation engine picked up on this and generated a specific event detailing the attacks.
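A minimal sketch of the kind of time-window correlation described above, as an added example that is not StormWatch code or its actual algorithm: it raises one event when a single source trips agent rules on several distinct hosts inside a configurable window. The event fields, addresses, timestamps, and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample agent events: (timestamp, reporting host, remote source, rule hit).
# This field layout is hypothetical; it is not StormWatch's log format.
SAMPLE_EVENTS = [
    ("2024-01-15T10:00:01", "web01", "192.0.2.99", "port-probe"),
    ("2024-01-15T10:00:03", "db01", "192.0.2.99", "port-probe"),
    ("2024-01-15T10:00:04", "web01", "192.0.2.99", "port-probe"),
    ("2024-01-15T10:00:07", "ws17", "192.0.2.99", "port-probe"),
    ("2024-01-15T10:05:00", "ws17", "192.0.2.42", "denied-connect"),
    ("2024-01-15T11:30:00", "db01", "192.0.2.42", "denied-connect"),
]

def correlate(events, window_seconds=60, min_hosts=3):
    """Return one alert per burst in which a source hits >= min_hosts hosts in the window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # source -> (time, host) pairs still inside the window
    alerted = set()              # sources already reported for the current burst
    alerts = []
    parsed = sorted(
        (datetime.fromisoformat(ts), host, src) for ts, host, src, _rule in events
    )
    for ts, host, src in parsed:
        q = recent[src]
        while q and ts - q[0][0] > window:  # evict events older than the window
            q.popleft()
        if not q:
            alerted.discard(src)  # previous burst has drained; allow a fresh alert
        q.append((ts, host))
        hosts = {h for _, h in q}
        if len(hosts) >= min_hosts and src not in alerted:
            alerted.add(src)
            alerts.append({
                "source": src,
                "hosts": sorted(hosts),
                "first_seen": q[0][0].isoformat(),
                "raw_events": len(q),
            })
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The isolated denials from the second source, 85 minutes apart on two hosts, stay as individual log entries, which is the noise reduction the correlation step is meant to provide.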
The decision to move to an IPS such as StormWatch cannot be made lightly, as it directly affects every host within the network, and the costs of implementation for large networks
may be high. And because protecting servers and workstations in this manner puts the onus of protection on the host itself,
rather than on dedicated network hardware, it can impact server performance.
Nevertheless, Okena StormWatch provides an extreme level of control over security, far more than network-centric firewalling and an IDS. Okena has made significant strides in easing the pain of IPS administration, and StormWatch performed as promised in our tests. Implementing StormWatch does not mean that you no longer need firewalls, but it can dramatically decrease the likelihood of a successful attack on a server or workstation.