The concept of endpoint security may have been with us for years, but it has many different interpretations, depending on which vendor you talk to. Some concern themselves with controlling software and blocking malware on workstations, whereas others focus purely on managing access to hardware devices. SkyRecon's StormShield stands out from the crowd, as it has a much broader focus on endpoint security and it does it all with a single agent, which only uses 7MB of storage and 2% CPU. Along with clientside firewall and IPS facilities, StormShield provides network access controls, can block the installation and use of unauthorised applications, and offers transparent encryption for sensitive data held in local files and folders. There's much more, as it can manage the use of removable media such as USB flash drives and also control access to wireless networks.

StormShield uses the concept of environments where each contains a master server, along with multiple network definitions and their associated client systems. Security policies are created and assigned to each network, making for a versatile solution, as you can deploy different policies, dependent on which network a client is a member of. StormShield take a three-pronged approach to security, as it uses rules to determine privileges for accessing applications, the registry and network, whilE automatic protection handles intrusion detection and prevention. Profilebased protection is a smart feature, as it monitors system calls and, after a learning phase, can provide 'day zero' defences by blocking new attacks without the need for signatures.

Installation of the central server and database took us less than 30 minutes and the management console is easy enough to use - where we started by creating an environment for our test network and client systems. Basic protection can be deployed swiftly, as SkyRecon provides a choice selection of default policies for immediate use. Rules are separated neatly into different categories, with the network firewall comprising administrator-defined security policies. These are the same as standard firewall rules where you define data flows and protocols, and decide whether to allow or block them. The next category enforces local application controls where you can apply black or white lists and stop applications being renamed, deleted or moved.

System and process behaviour can be monitored, so you can block malware such as key loggers and stop malicious programmes illegally using memory or DLLs. The controls for removable media and wireless network actions really set StormShield apart and we found these components to be very useful. Floppy drives and a wide range of USB devices - such as HIDs, printers and flash disks - can be strictly controlled simply by selecting the check box next to them. The wireless access features are very good, as client associations with open access points (APs) can be blocked and you can insist on either WEP or WPA/WPA2 encryption being used. You can go even further with the wireless group settings, as associations with selected SSIDs can be enforced and you can even define specific APs by their MAC addresses.

Agent deployment is a cinch, as you simply ask your client to point a browser at the StormShield server where they can download the required component. Policy deployment is just as easy, as you decide which one is to be applied to a network definition and push it from the server where it will be automatically applied to all systems in the collection.

StormShield takes end-point security to the next level, as it delivers extensive access controls that it would traditionally require multiple disparate products to achieve. It's also very simple to deploy and manage, and its modular design allows it to be tailored to suit your network environment.

Product: StormShield 5.0
Supplier: SkyRecon Ltd
Telephone: 01223 257736
Web site: www.skyrecon.com
Price: £30.80-£52.50 per endpoint