Nowell SpyForce-AI v2.0
Strengths: An unusual approach to managing the insider threat
Weaknesses: Bit pricey, bad acts embedded in acceptable behavior go unnoticed
Verdict: We don't recommend this as your only extrusion prevention tool, but it can be beneficial if used along with one of the other tools reviewed here
This is certainly the most unusual product in this group. SpyForce-AI is touted as "a counter-espionage security software system that defeats the insider security threat". That is a bit different from simple extrusion detection. Even more different, however, is the way this solution works: SpyForce evaluates user behaviour, not packets.
Nowell's offering consists of three components: the client agent (Windows, Linux or Solaris); the Cyclone server (Red Hat Linux), which holds the database server that in turn contains the security information for users; and the Jenius server, the artificial intelligence component, which sits on the same Red Hat server as the Cyclone.
We had no trouble installing and configuring. Once SpyForce-AI is up and running, and you have set up the configuration for the servers, it begins to enroll users. Each user goes through a 15-minute learning session, during which they have to answer queries only they will know the answers to. SpyForce uses the information if it suspects a user is abusing their rights or that someone isn't who they pretend to be.
As the user continues to use the computer, the software learns basic behaviour and, using its AI capability, builds a profile for the user that it continually updates and refines. If the software detects abnormal user behaviour, it conducts an "interrogation session". This replays the learning session information and expects rapid, correct answers from the user. If these are not provided, the administrator is informed.
We found several false positives until SpyForce began to learn our behaviour. Then we would behave badly on purpose so the software would interrogate us. While this is not traditional extrusion prevention software, it has benefits for controlling insider behaviour. We found it interesting but are unsure of its value as an extrusion prevention tool. Sending a forbidden file as an email attachment, for example, was not recognised, because the action of sending file attachments in email was acceptable for our profile.
The website has the usual support options and 24/7 phone support is available Monday to Saturday. At £45.99 per computer, the product can get a bit pricey for larger installations.