Alessandro Perilli on Enterprise Security

Review: StillSecure Strata Guard 4.5 Free

Today the world standard in open source intrusion detection systems (IDS) is Snort.
It's powerful, flexible and free. But it lacks complete, enterprise-ready, mature management tools.
In the whole market there are just 4 products competing in this space: BASE (born from the obsolete ACID project), Sguil (which lacks management features), Aanval and IDS Policy Manager (which lacks reporting features).

Even if you are satisfied with the features these tools provide, you have to admit that none of them delivers a fully working Snort-based IDS sensor without much effort.

Sure, following the growing, enthusiastic community trend launched by VMware, anybody can assemble a Linux distribution, pre-install and configure one of these tools, and redistribute the work as a VMware Player virtual machine.
But this solution has at least a couple of problems:

  • the whole thing isn't supported, not even commercially, by anybody

  • if you need to change the underlying OS configuration (and you almost certainly will) it can become painful

In this scenario StillSecure started offering a scaled-down, free version of one of their three products, called Strata Guard, which is now a more than valid alternative for some small businesses: it comes as a bootable ISO, it reformats your hard disk and installs the whole system, it helps you tune it with a simple wizard, and it provides sensor management out of the box. And if you want support you can transparently upgrade to a commercial license.

Strata Guard Free comes with some limitations:

  • 5 Mbps maximum throughput

  • Database content expires after a maximum of 7 days (you would really want this set to at least 30 days)

  • No high availability bypass switch (in a certain operational mode, if Strata Guard has a problem it forwards packets to a stand-by physical switch without filtering anything; as soon as Strata Guard recovers, the switch forwarding is stopped)

  • No auto-discovery

  • No multi-node management

The following review is based on the first release of Strata Guard Free, launched on the market in February 2006.

