eEye lifts the lid on endpoint security product

IDG News Service - EEye Digital Security Inc. announced a new endpoint security product today that it says will help organizations stop attacks launched from the Internet that use previously unknown, or "zero-day," software vulnerabilities.
The Aliso Viejo, Calif.-based company unveiled Blink, an intrusion-prevention software (IPS) client with vulnerability scanning as well as network- and host-based firewall features. The product uses intelligence about software exploits developed by eEye's vulnerability experts to spot an attack, even before security companies have formally identified the attack and issued a "signature" to guard against it, according to Firas Raouf, eEye's chief operating officer.
Blink works at the network layer, reconstructing calls for network services such as file transfer protocol and HTTP and comparing that traffic to eEye's lexicon of different methods of exploits. The approach gives Blink an advantage over competitors that work at what Raouf called the "process layer," analyzing the interactions between applications and the operating system for dangerous behaviors, because Blink allows companies to drop malicious traffic before it even reaches critical applications such as Web servers, he said.
The Blink client will work on servers, workstations and laptops running Microsoft Corp.'s Windows operating system, including Windows 2000, XP and Windows 2003 Server. The clients are controlled from a central management console in an organization's data center, Raouf said.
The product is designed for large enterprises and can be deployed, managed and updated from a central location, eEye said.
For companies with mobile workers, Blink's integrated firewalls will also isolate outbreaks caused by malicious code obtained outside a corporate network. For example, Blink can recognize activity associated with a virus or worm and shut down the infected application on a machine, protecting other network hosts. At the same time, Blink allows other, unaffected applications to keep running, preserving user productivity, he said.
Continental Airlines Inc. has been evaluating Blink on a mixture of desktop and server systems since January, according to Andre Gold, director of information security. The company is testing Blink's IPS and scanning features but doesn't intend to use the network or application firewalls, he said.
Though the airline hasn't used Blink in production, Gold said he was impressed with the amount of protection Blink provides with little or no configuration. "It's a chore to manage [host intrusion prevention] across hundreds or thousands of machines. You have to go in and say, 'This box is a Web server and this box is a SQL server,'" he said.
In contrast, Blink allowed Gold to simply "turn on" the IPS feature and get protection from

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.