Security
REVIEW
Arming Your Top Security Guns

  May 1, 2003
  By Patrick Mueller


Hailstorm Protocol Modeler Looks To Find Its Niche

Cenzic has been seeking its target customer for a long time. The problem is that the core audience -- network security experts with deep technical knowledge -- is quite small, and few have $25,000 to spend on a single tool. We can't help but wonder if Cenzic might generate more revenue by slashing Hailstorm's price and moving more copies. In the right hands, the program is an incredibly powerful tool. But as it stands, its accessibility is extremely limited.

So who is this product for? First, your hard-core security analysts, such as those working for a lab that tests security software and hardware. This category includes me, a writer who works for Neohapsis. One area in which Neohapsis specializes is NIDSs (network intrusion detection systems). We could use Hailstorm to automate some of the scripting involved in NIDS signature testing, for example. Crafting other specialized attacks with which to test NIDSs, including various RFC (Request for Comments) violations, could also prove useful.

Another potential customer base is application development organizations -- in-house application development teams and companies producing end-user applications. Cenzic has started to build in tools to make Hailstorm more usable in this type of quality assurance role. For example, support for scheduling recurring tests provides a degree of automation. You can have Hailstorm, once a night, scan the latest beta build of your Web application for SQL disclosure vulnerabilities on newly added pages that accept user-supplied input.

Bottom line, Hailstorm is the artificially overpriced prescription drug of the network security testing world -- efficacious when given to the right person but available only to the economically elite.

