
Subscribe to
Computerworld
or
Other Security Stories
July 26, 2004 (IDG News Service) -- EEye Digital Security Inc. announced a new endpoint security product today that it says will help organizations stop attacks launched from the Internet that use previously unknown, or "zero-day," software vulnerabilities.
The Aliso Viejo, Calif.-based company unveiled Blink, an intrusion-prevention software (IPS) client with vulnerability scanning as well as network- and host-based firewall features. The product uses intelligence about software exploits developed by eEye's vulnerability experts to spot an attack, even before security companies have formally identified the attack and issued a "signature" to guard against it, according to Firas Raouf, eEye's chief operating officer.
Blink works at the network layer, reconstructing calls for network services such as file transfer protocol and HTTP and comparing that traffic to eEye's lexicon of different methods of exploits. The approach gives Blink an advantage over competitors that work at what Raouf called the "process layer," analyzing the interactions between applications and the operating system for dangerous behaviors, because Blink allows companies to drop malicious traffic before it even reaches critical applications such as Web servers, he said.
The Blink client will work on servers, workstations and laptops running Microsoft Corp.'s Windows operating system, including Windows 2000, XP and Windows 2003 Server. The clients are controlled from a central management console in an organization's data center, Raouf said.
The product is designed for large enterprises and can be deployed, managed and updated from a central location, eEye said.
For companies with mobile workers, Blink's integrated firewalls will also isolate outbreaks caused by malicious code obtained outside a corporate network. For example, Blink can recognize activity associated with a virus or worm and shut down the infected application on a machine, protecting other network hosts. At the same time, Blink allows other, unaffected applications to keep running, preserving user productivity, he said.
Continental Airlines Inc. has been evaluating Blink on a mixture of desktop and server systems since January, according to Andre Gold, director of information security. The company is testing Blink's IPS and scanning features but doesn't intend to use the network or application firewalls, he said.
Though the airline hasn't used Blink in production, Gold said he was impressed with the amount of protection Blink provides with little or no configuration. "It's a chore to manage [host intrusion prevention] across hundreds or thousands of machines. You have to go in and say, 'This box is a Web server and this box is a SQL server,'" he said.
In contrast, Blink allowed Gold to simply "turn on" the IPS feature and get protection from virus and worm outbreaks on systems running the product. At the same time, Gold didn't have to spend time creating policies for every application on those systems.
"I don't really care whether Notepad is running or not," he said, referring to the Microsoft text editing program. "I just want to stop Slammer or Blaster."
With competing IPS products, Gold said he had to spend hours creating different policies and rules for each of Continental's many applications.
Gold gave Blink lower ratings on reporting and on the management interface, which he said aren't as fully developed as some of its more mature competitors. He also said Continental would eventually need a product that can work with Unix and with Linux, which the company is increasingly using on its network -- platforms Blink does not currently support.
"'Windows only' isn't a problem when you're trying to stop things that are occurring today, but tomorrow the attack vector could shift," he said.
Blink is available immediately and is sold on a subscription basis, starting with packages of 10 licenses for $56 per device for an annual subscription. For servers, eEye has combined Blink with its Secure Internet Information Services product and is selling annual subscriptions for $600 per server, Raouf said.
|
|
Print this Story |
|
Send Us Feedback |
|
E-mail this Story |
|
Digg this Story |
|
Slashdot this Story |
|
|
|
|
|
|
|
|
All Zones Application Performance Zone Business Continuity Zone Data Center Management Zone Enterprise-Class Security Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone Business Intelligence and Analytics Zone |
|
|
| ||||||||
| ||||||||
| ||||||||
|


Security Management ZoneSecurity management is the process of developing a comprehensive data protection plan. It takes into account all potential threats, the existing network environment, the future needs of the organization, and lays out a multi-tiered blueprint to integrate the security technology needed to combat these threats. CDW can help keep your network and data secure. Visit the CDW Security Management Zone now See All Zones
|
Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT the good, the bad, and the rest of the weird stuff you deal with every day.New baits |

"Security Directions" virtual trade show2008's Code-Red Security Issues for Protecting the EnterpriseWebcasts, white papers, demos, and more. Presented in a unique 3-d environment. Enter our show right now! Click here to enter
|

In SecuritySecurity's important, and risk must be addressed, right? Sure, but watch for four signs your policies go a bit overboard. Click here to read the latest column by Jon Espenschied |
| About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map |
|
CIO The Industry Standard |