
March 22, 2005 - Larkware reviews ThreatSentry version 2.0

By Mike Gunderloy

ThreatSentry is an inexpensive intrusion detection and prevention system that integrates well with Microsoft IIS - in fact, it integrates better with IIS than any other intrusion detection software that I've seen. ThreatSentry is implemented as an ISAPI filter, and managed through an MMC snap-in, so its use and technology are a perfect fit for the rest of the IIS world. Basically, it keeps an eye on IIS requests as they go by, and when it sees something suspicious, stomps on it for you. Some of its capabilities overlap those of Microsoft's free UrlScan utility, but ThreatSentry offers more flexibility and a greater range of response options for traffic that you'd rather do without.

Although ThreatSentry comes with its own database of predefined rules to watch out for common web attacks (such as HTTP verbs that you probably don't want to get through and request strings that are part of known worms), that's only the beginning. When you first install it, the software launches in a training mode, where it listens in as normal traffic flows on your server. This gives it a baseline of what requests are supposed to look like, and it uses this to build up a database of known good page requests. If future traffic is markedly different from the training database, ThreatSentry gets suspicious and denies it. The administrator can monitor the log of blocked requests and train ThreatSentry further by confirming them or by marking the requests as OK, further fine-tuning its notion of what should be allowed.

You can choose whether you want bad requests to be blocked entirely, or just to be logged with notification to you. If they're blocked, you can also firewall the offending IP address from your server across the board so it can't get into any other mischief.

I tried ThreatSentry on the Larkware server, which also hosts a batch of other sites, and it performed as advertised, knocking down a pile of the nuisance traffic that plagues any server on the Internet these days. Installation was easy, management was simple, and it was basically software I could just forget about and monitor every now and then as it went about its business. For $99, this seems like a pretty cheap bit of peace of mind to add to any server that's on the net. If you want to give it a look yourself, you can download a 30-day trial from the Privacyware site.

 

 

 
