Nowell SpyForce-AI v2.0
November 01, 2007
£45.99 per computer
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: An unusual approach to managing the insider threat
- Weaknesses: Bit pricey, bad acts embedded in acceptable behavior go unnoticed
- Verdict: We don't recommend this as your only extrusion prevention tool, but it can be beneficial if used along with one of the other tools reviewed here
This is certainly the most unusual product in this group. SpyForce-AI is touted as "a counter-espionage security software system that defeats the insider security threat" That is a bit different from simple extrusion detection. Even more different, however, is the way this solution works: SpyForce evaluates user behaviour, not packets.
Nowell's offering consists of three components: the client agent (Windows, Linux or Solaris), the Cyclone server (Red Hat Linux) that holds the database server, which in turn contains the security information for users, and the Jenius server - the artificial intelligence component, sitting on the same Red Hat server as the Cyclone.
We had no trouble installing and configuring. Once SpyForce-AI is up and running, and you have set up the configuration for the servers, it begins to enroll users. Each user goes through a 15-minute learning session, during which they have to answer queries only they will know the answers to. SpyForce uses the information if it suspects a user is abusing their rights or that someone isn't who they pretend to be.
As the user continues to use the computer, the software learns basic behaviour and, using its AI capability, builds a profile for the user that it continually updates and refines. If the software detects abnormal user behaviour, it conducts an "interrogation session". This replays the learning session information and expects rapid, correct answers from the user. If these are not provided, the administrator is informed.
We found several false positives until SpyForce began to learn our behaviour. Then we would behave badly on purpose so the software would interrogate us. While this is not traditional extrusion prevention software, it has benefits for controlling insider behaviour. We found it interesting but are unsure of its value as an extrusion prevention tool. Sending a forbidden file as an email attachment, for example, was not recognised, because the action of sending file attachments in email was acceptable for our profile.
The website has the usual support options and 24/7 phone support is available Monday to Saturday. At £45.99 per computer, the product can get a bit pricey for larger installations.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- ICYMI: CEO Sacked; MS Zero-day; Passwords dropped; Ransomware wild, charging hack
- 9.2 million medical records for sale on darkweb
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry