A recent finalist of the SC Magazine Reader Trust Award and TechWorld.com Awards, SkyRecon’s StormShield protects laptops, desktops, and servers running the Windows operating system. StormShield provides integrated device control, data encryption, application control, host-based intrusion prevention (HIPS), system firewall, wireless security, anti-virus/-spyware, and network access control (NAC). Not glued together from multiple technology acquisitions, these SkyRecon-built security modules ensure continuous zero-day system and data protection without the need for signature or rule updates – using only a few megabytes of memory, a mere fraction of the size of competing products from other vendors.

Enquire about this product

---

---

Key Features

• Integrated Security provides consistent security policies that encompass user controls, system-level security, data protection, and network connectivity – all through a single agent.
• Proactive Protection provides a combination of enforceable policies and intelligent behavioral-based and signature-based protections. This eliminates the need for IT to periodically check and update PCs for compliance and remove unauthorised applications.
• Adaptive Control offers security and user control policies that change dynamically depending on the level of risk associated with the way the endpoint is used.
• Flexible Policy Control gives IT the ability to secure endpoints through both quickly deployed automatic protections built into the security suite and fine-grained, customizable configurations that address your organisation’s specific security and policy requirements.

---

USB / Removable Device Security Software

StormShield’s integrated USB security, device control, and encryption features give you complete control and protection for all of your end users’ removable devices, including USB drives, iPods, CD/DVD burners, and FireWire devices.

Define how your devices can be used: enable or disable all devices; control their use in certain settings; or even tie a specific vendor/serial number to an individual user. Use the integrated auditing capabilities to track how your users are using the devices to store and transfer data. Use the integrated AES-256 encryption to protect the data on these devices 
 

---

Integrated Encryption and Device Control

SkyRecon Stormshield can provide Integrated Encryption and Device Control that runs from One Agent.  SkyRecon can help you centrally control your removable media AND encrypt your sensitive data AND protect your endpoints from attack - all with a single endpoint protection client.

Stormshield is the single-agent solution your business has been looking for, comprising multiple security layers providing system protection, data protection and encryption (file, folder and full disk) - all wrapped up in a few megabytes. 

Stormshield was designed and built as a single agent security solution, giving your IT and Security Operations a Single Dynamic Policy enforced through a single management console.  Stormshield provides direct control over your increasingly vulnerable endpoints, ensuring that they are configured and protected from attack, loss, theft and misuse.

---

Wireless Security

Does your organisation have a workable Wi-Fi strategy in place? Can you also enforce your policy to laptops taken out of the office and used at home or at any available wireless access point?

Poorly secured, unencrypted public or home networks put your corporate data at risk.

StormShield’s dynamic policy control allows you to control wireless connections no matter where your employees travel. Policies can be set to disallow ad-hoc mode, to enforce VPN usage over public hot spots, and to trigger authentication and encryption policies.

With connection control, administrators can set up access point whitelists based on SSIDs and MAC addresses, meaning that any rogue access points are blocked. Bluetooth connections can be controlled by these policies as well, eliminating yet another possible security hole.

With dynamic WiFi policy control, your organisation can:

• Dynamically adjust user connection privileges based on location or context
• Disallow ad-hoc mode
• Enforce VPN usage
• Enforce authentication and encryption (WEP, WPA, WPA2, etc.)
• Control connections to WiFi access points using SSID and MAC address controls
• Enforce the usage of only approved wireless NICs

---

Full-Disk and File-Based Encryption

Full Disk Encryption

StormShield’s full-disk encryption provides pre-boot whole disk protection, preventing unauthorized access to the data, even if the device is lost or stolen and/or the drive is removed from the device.

This first layer of defense is extremely valuable, but as an only layer of defense for an organizations mobile data, a company’s information can still be at risk as the data stored on the disk is decrypted once the user logs in and does not directly address the movement of data to a removable device such as a USB key. 

To address this risk, StormShield takes its data protection to the next level, providing policy-based and user-oriented encryption capabilities. Through its centralized risk-based policy management and native Active Directory integration, StormShield’s file-based encryption allows multiple users of a machine to access only their data, including the availability of a system key to be used by IT for system maintenance, eliminating the need to provide IT with the CEO’s decryption key just to update the latest Windows patch. 

File-Based Encryption

StormShield’s on-the-fly file-based encryption policies are centrally managed by the StormShield administrator, where risk-based policies can be defined to control when and where encryption/decryption takes place. The encryption can be applied based on Active Directory user attributes and folder/file types, and can include the ability to limit encryption to cover only sensitive folders, such as the “My Documents” subfolders. If IT security and operational policy warrants, encryption can even be triggered by an event – such as detecting multiple files being copied to a USB key.

Where the policy warrants, organizations can allow the use of the StormShield Encryption Express tool for remote encryption/decryption. 

StormShield Express Encryption

StormShield Express Encryption allows you to easily encrypt and decrypt sensitive documents you have on your Windows PC and connected peripheral devices (such as a USB drive) using the latest industry standard 256-bit AES encryption algorithms. The encrypted files are only accessible by entering the correct password.

StormShield gives you:

• Single client, full disk and file-based encryption; integrated fixed drive, removable drive, and file-based protection
• Extremely fast, transparent encryption and decryption
• Integration with Windows Active Directory, GPO, and Windows authentication
• Integrated option for third-party second authentication methods
• Confidence through the use of the stringent AES-256 encryption standard
• Multi-user control, ensuring data protection between users and IT staff
• Integration with StormShield's Device Control System controls portable device access andenforces portable storage encryption
• Centrally-managed policy and/or user-based self-extracting encrypted archives
• Data protection even within the OS swap files
• Secure file erasure/wipe
• Accreditation for the FIPS 140-2 standard as being delivered by ICSA Labs

 

---

SkyRecon StormShield Datasheet

---

Compliance Standards

 

Requirement 3: Protect stored cardholder data

GCSX No 6 Access Control

GCSX No 10 Mobile / Home Working

GCSX No 15 Removable Media 

A.7.1 Responsibility for assets 

A.9.2 Equipment security 

A.10.7 Media handling

A.10.8 Exchange of information 

---

Host Intrusion Prevention System and Firewall

Rule-Based Protection

• Executable files, file types, folders, system panels and registries access control
• Inbound and outbound application connection control

System Hardening and Behavioral Analysis

• Detect, alert and block generic attack mechanisms such as memory overflow or keylogging
• Self-learning of legitimate application behavior
• Spotting and stopping zero-day exploits and unknown malware

Network Intrusion Prevention

• Protocol integrity checking
• Detect and block network intrusion mechanisms such as port scans or floods

---

Application Control

• Control installation and execution of applications
• Enforce either application whitelists or blacklists
• Protect applications from being stopped
• File-centric controls to limit file access

---

Network Access Control

• Check running applications, signature files and patch updates
• Client-based enforcement of NAC policies
• Fully-automated remediation
• Interoperable with Juniper UAC, Microsoft NAP, Cisco NAC and many VPN vendors

---

Wireless Security

• Control ad hoc mode and Bluetooth connectivity
• Enforce VPN use at public access points
• Enforce authentication and encryption protocols
• Whitelist authorized WiFi access points
• Enable “No WiFi” policy inside or outside the company

---

Device Control

• Fine-grained access rights to removable storage devices
• Control by type, model, and serial number
• Control of read and write access at the file type level
• Encryption of data stored on removable devices
• Control over classes of USB devices
• Monitoring of operations on removable devices

---

Content Encryption

• Transparent, on-the-fly file encryption
• Centrally managed encryption policies based on folders and file types
• Optional secondary authentication and integration with strong authentication systems
• Password-protected, self-extracting encrypted containers
• Secure file shredding and swap-file cleaning

---

Anti-Virus

• Detect and delete all forms of viruses
• Keep PCs free of spyware
• Anti-Rootkit: detects unseen threats on PCs