Brews Up a StormSystem that Secures All Applications
Author - Laura
- June 29, 2002
OKENA's announcement of their product line StormSystem indicates
that they intend to grow and expand their innovative intrusion prevention
system with highly integrated new add-ons. Having seen unprecedented success
in obtaining funding and customers in one of the worst economies ever,
Relevant Technologies expects OKENA to be a leading contender in an intrusion
management market that has yet to boast a distinct leader.
the pending release of StormTrack, OKENA has rounded out its intrusion
prevention product line to a suite of three highly integrated products.
In a market where investment capital is hard to come by, OKENA not only
found $ 12.4 million in venture capital funding, they managed to orchestrate
over 100 customer installations in the same year.
plan is to continue adding to their product line, and further develop
more intrusion prevention products based on their proprietary INtercept
COrrelate Rules Engine INCORE architecture. Their intrusion prevention
system is anchored to the management console by StormWatch. The auxiliary
products known as StormTrack and StormFront, complement the StormWatch
agent that gets installed on the server (file, database, web or application
server) or desktop and communicates with the central management console.
is especially unique about OKENA's StormSystem is that is has the ability
to learn. Let's say a new enterprise application comes out next month
and even though it is something upon which you want to base your mission
critical operations, you know that it is inherently insecure. StormFront
can learn how the new application works, and give you all the information
you need to develop a rule-set to load into the StormWatch agent. StormFront
is not only smart and sophisticated, but the fact that it can learn and
then enforce new application behavior means that it is also highly scalable
-- as you add new applications to your infrastructure, you can secure
enterprises that have so many application servers, that they don't even
know where they all are and what needs to be secured, StormTrack can scan
and inventory all the applications hosted and running on servers on the
network. With an application inventory, administrators can then understand
which applications are out there, and which ones need to be secured by
the StormWatch agent. You then put StormFront to work, which monitors
and studies the unprotected applications over a period of time. StormFront
can determine which files each application is supposed to write and read
to, and which files it is not supposed to write and read to. With the
information from StormFront, a rule-set is automatically generated that
prevents the application from being manipulated by hackers into miscreant
behaviors. You load the rule-set or policy' into the StormWatch agent
which is already resident on the server or desktop.
of the things we particularly like about OKENA's product line is the highly
integrated user interface. Unlike some security products that are forced
into a product line through mergers and acquisitions, OKENA's products
were all developed to interoperate with each other using their proprietary
INCORE technology architecture.
three products cleanly integrate with the management console, allowing
one interface for capturing, filtering, and understanding real-time log
files, alerts, rule-sets and acceptable application behavior. Because
of the dynamic and highly integrated nature of their products, a cost
savings can be had since all three products work with the same management
console. Once you have security products deployed, managing them is key
to their success. Even if the only thing you do is read the logs files,
you still need to understand how they work, and that they are in fact
working. The easiest way to monitor your security products is through
a central management console which is also Web-based.. A typical formula
for calculating security ROI is to divide the Total Value of Assets (TVOA)
by the Total Cost of Safeguards (TCOS). The smaller your TCOS value, the
higher your ROI will be.
Value of Assets of Assets
ROI = 5:1 Total
you need to purchase a third-party management console, you increase the
cost of your safeguards, and by doing so, decrease your potential ROI.
1. Corporate Information
||71 Second Avenue, Waltham, Massachusetts, 02451
||StormWatch, StormFront, StormTrack
||Mid to Large Size Enterprise Networks
||Information Technology, Federal Agencies, E-Commerce, Financial
|| INCORE Technology, Automated Learning
Strategy and Trajectory
sells StormSystem directly as well as through its channel partners. With
an OPSEC partnership with Check Point, OKENA hopes to assist Firewall-1
and VPN-1 customers that want the added protection of application security
and extension of security out to the remote corporate desktop. While firewalls
offer perimeter protection, the fact that firewalls create ingress and
egress openings in necessary TCP and UDP ports means that those particular
ports are susceptible to a variety of attacks.
are quite a few employees at OKENA that are the same team that made AXENT
and Raptor a success. As well, OKENA has been able to attract key development
strategists from ISS and other prominent security vendors. Even though
they are new players on the block, OKENA is hardly new to security. OKENA's
expert knowledge of information security products, and the market, is
a key, contributing factor to the early success they have seen so far.
Recommendations and Future Visions
intrusion management market is a competitive market, and though there
are no clear leaders, rival vendors are beginning to understand that detecting
intrusions is not enough. Intrusion prevention is the next wave of intrusion
management products, and contenders such as Entercept, SecureWave, and
Harris are all vying for a piece of the market.
built-in intelligent agents are already more advanced than more intrusion
management technologies, and since OKENA seems to understand security
automation, it's time for customers to start asking them for the kind
of enhancements that will add even more value to OKENA's already savvy
intrusion prevention system. What we'd like to see going forward from
OKENA, is a better way to classify application behaviors, relative to
security concerns. Applications need to behave the way we want them to,
and the way we expect them to. For example, all messaging applications
should have certain things in common as far as behaviors go. Databases
should have their own predictable behaviors, as should network infrastructure
servers like DNS servers.
analogy can be made to cars driving down the highway - all drivers are
expected to follow certain behaviors that are for the most part predictable.
Because drivers follow predictable behaviors, keeping the highways safe
is straightforward. If the applications on your network followed predictable
behavior patterns, it would improve the ability to more fully automate
security. Since StormSystem is one of the most advanced security automation
systems, OKENA seems well positioned to start setting standards for application
behaviors. The challenge will be getting vendors to follow the rules once
these standards have been set. For vendors who don't want to build security
into their products, following application behavior rules would be a competitive
advantage. If OKENA can make this happen, Relevant Technologies expects
to see vendors start marketing their applications with some sort of "secured
by OKENA" seal of interoperability.
larger your enterprise network, the more it makes sense to use a product
line like StormSystem because you have more assets that you need to safeguard.
The greater the value of your assets, the higher your risk exposure is.
The fact that StormTrack can identify unprotected applications makes the
product line particularly appealing to networks that have grown to epic
following organizations can benefit from implementing StormSystem:
- Large enterprise networks with valuable information assets
that have lost track of their application servers and databases
institutions that need to protect monetary assets
that need to protect Microsoft or Solaris operating systems
establishments that need to safeguard patient information
developers that want to protect proprietary architectures
testers that want to understand how application security works
Copyright ©2002 Relevant Technologies, Inc. All
rights reserved. This document requires prior permission before publication,
transmittal, or storage on either hardcopy or softcopy formats.