Issue TOC Print full article Print this page Download as PDF E-Mail this URL Discuss this article Flame the author     In this article Introduction Busy Windows Executive Summary How We Tested Where Does Protocol Modeler Fit? Hailstorm Protocol Modeler Looks To Find Its Niche Report Card

Cenzic has been seeking its target customer for a long time. The problem is that the core audience-- network security experts with deep technical knowledge-- is quite small, and few have $25,000 to spend on a single tool. We can't help but wonder if Cenzic might generate more revenue by slashing Hailstorm's price and moving more copies. In the right hands, the program is an incredibly powerful tool. But as it stands, its accessibility is extremely limited.

So who is this product for? First, your hard-core security analysts, such as those working for a lab that tests security software and hardware. This category includes me, a writer who works for Neohapsis. One area in which Neohapsis specializes is NIDSs (network intrusion detection systems). We could use Hailstorm to automate some of the scripting involving in NIDS signature testing, for example. Crafting other specialized attacks with which to test NIDS systems, including various RFC (request for comment) violations, could also prove useful.

Another potential customer base is application development organizations?in-house application development teams and companies producing end-user applications. Cenzic has started to build in tools to make Hailstorm more usable in this type of quality assurance role. For example, support for scheduling recurring tests provides a degree of automation. You can have Hailstorm, once a night, scan the latest beta build of your Web application for SQL disclosure vulnerabilities on newly added pages that accept user-supplied input.

Bottom line, Hailstorm is the artificially overpriced prescription drug of the network security testing world?efficacious when given to the right person but available only to the economically elite.