The agent is easy to install and maintain. Further, the management console's design makes administration a straight-forward, uncomplicated process. And when an administrator has an issue, SkyRecon asserts that engineers are ready to help work through configuration challenges, including policy or rule definitions. I found this to be true when working with them during my research.
According to SkyRecon, pricing is "...determined by the number and combination of StormShield security services purchased per protected endpoint. The top-end pricing includes all services available within the released version of StormShield Security Suite Ultimate Edition." Cost is per node. The pricing I received was $37.50 to $129.40, based on feature set purchased, and on the purchase of 250 nodes. Based my experience, the high number is easily half of what I would expect to spend if I tried to piece all these controls together from various vendor offerings.
This is another area in which StormShield does a good job. Instead of administrators being continuously beleaguered by users demanding access with handheld devices or other emerging technology, they can approve connection of specific device types--and brands and models within those types--as they are vetted. Further, organizations can control which file types can be copied to or from certain devices. For example, an administrator might allow iPods to connect, with only .MP3, .WAV, or .JPG allowed to be copied to them.
StormShield also integrates into Active Directory, allowing administrators to apply use policies via AD group membership. And users can have multiple policies. For instance, one policy might apply when the user establishes a remote connection with another invoked when locally connected.
As I wrote earlier, the management console interface is easy to use and intuitive. Daily management of this integrated set of security solutions won't overtask the security team.
The only problem I had with system management was the lack of a large set of pre-defined business policies. Yes, there are behavioral definitions. But I don't believe that out-of-the-box functionality is robust enough to quickly take advantage of the full functionality of the suite. Set up and testing time might be extended because of this, although SkyRecon engineers assured me they have a huge library of user-defined templates available at no charge. That's nice, but I would rather have them loaded in the product for my review and implementation rather than asking each time I run into a snag.
As I worked through my research for this review, I had the pleasure of working with the SkyRecon engineers. They are knowledgeble and eager to help. The sense I get is "we can't do that" or the more infamous "I don't know what ta tell ya, it works on my machine," do not exist in their organization's lexicon.
Overall, this is a great product. It provides all the controls necessary to protect systems and the data processed on or passing through them. Although I'd prefer the addition of signature-based AV protection as well as more out-of-the-box configuration templates, I highly recommend this solution for organizations of any size.