BlackStratus LOG Storm v188.8.131.52
April 25, 2014
£5,435, plus support.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy setup and general use, broad range of supported log sources.
- Weaknesses: Product is a little light on pre-packaged rules, and the interface needs an overhaul.
- Verdict: An excellent value.
LOG Storm from BlackStratus combines log management and correlation systems with real-time monitoring and an integrated incident response system all on one easy-to-deploy and use appliance. Given the time to do some rule creation and tuning, customers will be pleased with its capabilities.
Initial setup was straightforward. After unpacking and powering up the appliance, we connected a mouse and keyboard and logged into the console. There, we stepped through an ASCII wizard where we enabled log encryption, configured the networking and time information, and set up an administrator account. Once that was complete, we were able to access the product's web interface. From there, we could launch the actual Java-based console. We then pointed a few log sources toward the appliance, and added them as an asset within the console, selecting the manufacturer, product and version for each source so the appliance could apply the proper log parsing logic.
LOG Storm stores all raw logs and correlated records together on the device, giving convenient access to both data sets. For customers concerned about keeping all enterprise logs together in a single place, the product can write off the raw log files to a remote server via FTP or SFTP. Any log files exported this way can be reimported to the device if necessary for an investigation.
The device comes with 66 predefined rules. While we would have liked to see a few more, custom rules are easily created based on a handful of available templates, and the predefined rules that are there cover a lot of bases. Any incidents detected can easily be converted into cases with a built-in workflow covering analysis, mitigation, investigation and remediation. A number of report templates are available as well, covering incidents, cases, assets and users, as well as trend and compliance reports covering the major compliance standards, like PCI, SOX and HIPAA. While the interface does appear a little outdated, it was easy to navigate.
The product came to us with two printed setup documents, a quick-start guide and an installation guide. Both were well written, easy to follow and had us up and running quickly. Those documents are also available on the BlackStratus web portal, along with some FAQ documents and specific guides for a number of product features and individualised manuals for adding logs from a number of common network devices and applications.
BlackStratus offers three support tiers. Its required standard support package includes phone and email assistance from 9:00 to 18:00 (US EST), Monday through Friday, with a virtual help desk and troubleshooting services, software and signature updates and incident response assistance. The gold package extends service hours to seven days a week, and platinum provides 24/7 support. Help is also available on the website via an online ticketing system.
BlackStratus LOG Storm is priced starting at £5,435, which includes the first year of standard maintenance and support. After the first year, the standard support option will cost 20 per cent of the list price, the gold option 25 per cent, and the premium option 30 per cent.
Prices are US-based, thus indicative only.