
OKENA Brews Up a StormSystem that Secures All Applications
Featured Author - Laura Taylor - June 29, 2002

Executive Summary

(SecurityWire) OKENA's announcement of their product line StormSystem indicates that they intend to grow and expand their innovative intrusion prevention system with highly integrated new add-ons. Given OKENA's unprecedented success in obtaining funding and customers in one of the worst economies ever, Relevant Technologies expects OKENA to be a leading contender in an intrusion management market that has yet to boast a distinct leader.

Product Highlights

With the pending release of StormTrack, OKENA has rounded out its intrusion prevention product line to a suite of three highly integrated products. In a market where investment capital is hard to come by, OKENA not only found $12.4 million in venture capital funding, they managed to orchestrate over 100 customer installations in the same year.

OKENA's plan is to continue adding to their product line, and further develop more intrusion prevention products based on their proprietary INtercept COrrelate Rules Engine (INCORE) architecture. Their intrusion prevention system is anchored to the management console by StormWatch. The auxiliary products, StormTrack and StormFront, complement the StormWatch agent that gets installed on the server (file, database, web or application server) or desktop and communicates with the central management console.

What is especially unique about OKENA's StormSystem is that it has the ability to learn. Let's say a new enterprise application comes out next month and even though it is something upon which you want to base your mission critical operations, you know that it is inherently insecure. StormFront can learn how the new application works, and give you all the information you need to develop a rule-set to load into the StormWatch agent. StormFront is not only smart and sophisticated, but the fact that it can learn and then enforce new application behavior means that it is also highly scalable -- as you add new applications to your infrastructure, you can secure them all.

For enterprises that have so many application servers that they don't even know where they all are and what needs to be secured, StormTrack can scan and inventory all the applications hosted and running on servers on the network. With an application inventory, administrators can then understand which applications are out there, and which ones need to be secured by the StormWatch agent. You then put StormFront to work, which monitors and studies the unprotected applications over a period of time. StormFront can determine which files each application is supposed to read and write, and which files it is not. With the information from StormFront, a rule-set is automatically generated that prevents the application from being manipulated by hackers into miscreant behaviors. You load the rule-set or 'policy' into the StormWatch agent which is already resident on the server or desktop.
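The learn-then-enforce workflow described above can be sketched generically. The following is an added example, not OKENA's code and not a representation of how INCORE works: the application names, file paths, event format and the directory-rule threshold are all constructed assumptions. It derives a per-application file-access allowlist from observed activity, then evaluates new events against it with default deny.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed sample of a learning period: (application, operation, path).
OBSERVED = [
    ("webapp", "read", "/srv/webapp/conf/app.conf"),
    ("webapp", "read", "/srv/webapp/templates/index.html"),
    ("webapp", "read", "/srv/webapp/templates/login.html"),
    ("webapp", "write", "/var/log/webapp/access.log"),
    ("webapp", "write", "/var/log/webapp/error.log"),
    ("dbserver", "read", "/var/lib/db/data/users.tbl"),
    ("dbserver", "write", "/var/lib/db/data/users.tbl"),
]

def normalize(path):
    """Collapse '.' and '..' lexically so traversal cannot slip past a rule."""
    parts = []
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if parts:
                parts.pop()
        else:
            parts.append(part)
    return "/" + "/".join(parts)

def learn_policy(events, dir_threshold=2):
    """Build allow rules per application from observed behaviour.

    If an application touched at least dir_threshold distinct files in one
    directory with the same operation, emit a (non-recursive) directory rule;
    otherwise emit an exact-file rule. The threshold is an assumption.
    """
    seen = defaultdict(set)  # (app, op, directory) -> file names observed
    for app, op, path in events:
        p = PurePosixPath(normalize(path))
        seen[(app, op, str(p.parent))].add(p.name)
    policy = defaultdict(set)
    for (app, op, directory), names in seen.items():
        if len(names) >= dir_threshold:
            policy[app].add((op, directory + "/*"))
        else:
            policy[app].add((op, directory + "/" + next(iter(names))))
    return dict(policy)

def is_allowed(policy, app, op, path):
    """Default deny: permit only what a learned rule explicitly covers."""
    path = normalize(path)
    parent = str(PurePosixPath(path).parent)
    for rule_op, pattern in policy.get(app, ()):
        if rule_op != op:
            continue
        if pattern.endswith("/*") and parent == pattern[:-2]:
            return True
        if pattern == path:
            return True
    return False
```

A learning period that misses legitimate behaviour produces false denials, and one that observes an already-compromised application bakes the bad behaviour into the policy, so the generated rule-set needs review before it is loaded.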

One of the things we particularly like about OKENA's product line is the highly integrated user interface. Unlike some security products that are forced into a product line through mergers and acquisitions, OKENA's products were all developed to interoperate with each other using their proprietary INCORE technology architecture.

All three products cleanly integrate with the management console, allowing one interface for capturing, filtering, and understanding real-time log files, alerts, rule-sets and acceptable application behavior. Because of the dynamic and highly integrated nature of their products, a cost savings can be had since all three products work with the same management console. Once you have security products deployed, managing them is key to their success. Even if the only thing you do is read the log files, you still need to understand how they work, and that they are in fact working. The easiest way to monitor your security products is through a central management console which is also Web-based. A typical formula for calculating security ROI is to divide the Total Value of Assets (TVOA) by the Total Cost of Safeguards (TCOS). The smaller your TCOS value, the higher your ROI will be.

ROI = Total Value of Assets / Total Cost of Safeguards = $1,000,000 / $200,000 = 5:1


If you need to purchase a third-party management console, you increase the cost of your safeguards, and by doing so, decrease your potential ROI.

Figure 1. Corporate Information

Headquarters: 71 Second Avenue, Waltham, Massachusetts, 02451
Product Line: StormSystem
Products: StormWatch, StormFront, StormTrack
Customer Scope: Mid to Large Size Enterprise Networks
Industry Focus: Information Technology, Federal Agencies, E-Commerce, Financial Services
Key Features: INCORE Technology, Automated Learning
Employees: 51
Website URL: http://www.okena.com/
Contact Information: 781-209-3200

 

Product Strategy and Trajectory

OKENA sells StormSystem directly as well as through its channel partners. With an OPSEC partnership with Check Point, OKENA hopes to assist Firewall-1 and VPN-1 customers that want the added protection of application security and extension of security out to the remote corporate desktop. While firewalls offer perimeter protection, the fact that firewalls create ingress and egress openings in necessary TCP and UDP ports means that those particular ports are susceptible to a variety of attacks.

Quite a few OKENA employees come from the same team that made AXENT and Raptor a success. As well, OKENA has been able to attract key development strategists from ISS and other prominent security vendors. Even though they are new players on the block, OKENA is hardly new to security. OKENA's expert knowledge of information security products, and the market, is a key contributing factor to the early success they have seen so far.

Vendor Recommendations and Future Visions

The intrusion management market is a competitive market, and though there are no clear leaders, rival vendors are beginning to understand that detecting intrusions is not enough. Intrusion prevention is the next wave of intrusion management products, and contenders such as Entercept, SecureWave, and Harris are all vying for a piece of the market.

StormWatch's built-in intelligent agents are already more advanced than most intrusion management technologies, and since OKENA seems to understand security automation, it's time for customers to start asking them for the kind of enhancements that will add even more value to OKENA's already savvy intrusion prevention system. What we'd like to see going forward from OKENA is a better way to classify application behaviors, relative to security concerns. Applications need to behave the way we want them to, and the way we expect them to. For example, all messaging applications should have certain things in common as far as behaviors go. Databases should have their own predictable behaviors, as should network infrastructure servers like DNS servers.

An analogy can be made to cars driving down the highway - all drivers are expected to follow certain behaviors that are for the most part predictable. Because drivers follow predictable behaviors, keeping the highways safe is straightforward. If the applications on your network followed predictable behavior patterns, it would improve the ability to more fully automate security. Since StormSystem is one of the most advanced security automation systems, OKENA seems well positioned to start setting standards for application behaviors. The challenge will be getting vendors to follow the rules once these standards have been set. For vendors who don't want to build security into their products, following application behavior rules would be a competitive advantage. If OKENA can make this happen, Relevant Technologies expects to see vendors start marketing their applications with some sort of "secured by OKENA" seal of interoperability.

User Recommendations

The larger your enterprise network, the more it makes sense to use a product line like StormSystem because you have more assets that you need to safeguard. The greater the value of your assets, the higher your risk exposure is. The fact that StormTrack can identify unprotected applications makes the product line particularly appealing to networks that have grown to epic proportions.

The following organizations can benefit from implementing StormSystem:

  • Large enterprise networks with valuable information assets

  • Organizations that have lost track of their application servers and databases

  • Financial institutions that need to protect monetary assets

  • Businesses that need to protect Microsoft or Solaris operating systems

  • Medical establishments that need to safeguard patient information

  • Technology developers that want to protect proprietary architectures

  • QA testers that want to understand how application security works

Copyright ©2002 Relevant Technologies, Inc. All rights reserved. This document requires prior permission before publication, transmittal, or storage on either hardcopy or softcopy formats.


 
©2013 Technology Evaluation Centers Inc. All rights reserved.