Images Events Jobs Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
IT Management Webcasts:
The Role of Security in IT Service Management

Preparing for an IT Audit

More Webcasts

Search EarthWeb Network

Be a Commerce Partner
Best Price
Computer Deals
Disney World Tickets
Boat Donations
Data Center Solutions
Promotional Gifts
Remote Online Backup
Online Shopping
Find Software
Compare Prices
Domain registration

Linked Data Planet Conference & Expo

IT Management : Columns : Executive Tech: Preventing Attacks From Subverting Your Network

Heroes Happen Here Launch Events
Attend the upcoming launch of three powerful new products, take a test drive, meet the teams, and leave with promotional copies of Windows Server 2008, Microsoft SQL Server 2008, and Microsoft Visual Studio 2008. Register here. »

Install What You Need with Windows Server 2008
Windows Server 2008 is Microsoft's most full-featured server operating system yet, so it's ironic that one of its most exciting new features is an install option that cuts out most of the other features. Paul Rubens explores why a Server Core installation makes a great deal of sense in many instances. »

Simplify Big Business IT for Small and Midsize Companies
Windows Small Business Server 2008 and Windows Essential Business Server 2008 deliver all-in-one solutions to help fuel growth for customers and partners. »

Q&A with Bob Muglia: Senior VP, Server and Tools Division
Bob Muglia, senior vice president, Server and Tools Division, discusses Microsoft's new interoperability principles and the steps the company is taking to increase the openness of its products. »

Q&A with Lutz Ziob, GM of Microsoft Learning
Lutz Ziob, the general manager of Microsoft Learning, talks about how IT professionals can become certified heroes within their enterprises by getting trained and certified in Windows Server 2008. »

- ITSMWatch Newsletter -
Tech Focus: Security

Cybersecurity: Laws Only Go So Far

Mozilla Firefox vs. Internet Explorer: Which is Safer?

Is Your Blog Leaking Trade Secrets?

The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip?

Stopping Spammers at The Point of Sale

Product Watch
IOGEAR KVM - Includes Audio/Peripheral Sharing
Coverity Prevent / Coverity Thread Analyzer - Analyze Source Code For Defects, Security Vulnerabilities
USSD Series - SDRAM-Based Solid State Drives to 256 GB
UltraSMS - Send SMS From Your PC
Sentinel Sensors - Wi-Fi Based Temperature Monitoring Especially For Cold Storage

more products >>

Datamation Definitions
data mining
grid computing
network appliance
FREE Tech Newsletters

Justifying and Funding IT Investments: Learn Tools and Techniques from this Complimentary Independent Report. Download Now!

Preventing Attacks From Subverting Your Network
August 24, 2004
By Brian Livingston

Brian Livingston The market for software that prevents attackers from gaining access to corporate networks has just become a lot more interesting with the introduction of Blink, a new defensive suite from eEye Digital Security.

The makers of Blink say it takes a new approach to intrusion prevention, but competitors disagree. Who can you believe?

A Choice Of Where To Draw The Line

Intrusion-prevention software (IPS) has been available to enterprises for some time. I wrote, for example, on June 7 about a new release of Sana Security's Primary Response IPS, contrasting it with Cisco's Security Agent and McAfee's Entercept.

Blink uses a different and more effective approach than other intrusion-prevention software, according to Firas Raouf, COO of eEye. One way of looking at the differences is to consider various places where intrusion-prevention software can reside.

The Process Layer. The "process layer" is the conceptual area where software applications run, whether on a corporate server or in a PC. "Host-based" intrusion-prevention software (HIPS) can monitor the processes within machines and attempt to detect and halt unusual behavior that suggests a possible hacker attack.

The Network Layer. The "network layer" is the portion of an operating system that is closest to a machine's hardware connection to the Internet or a local area network. Blink carefully monitors activity in this layer to stop attacks, Raouf says, before they ever get a chance to interact with processes and applications.

The Hardware Layer. Every machine that's connected to a network has some kind of networking card that handles the physical tasks of communication. "Network-based" intrusion-prevention systems (NIPS), which defend at the hardware layer, usually take the form of a physical appliance that's installed between the Internet and the networking card on corporate servers. Although they can be effective against external attacks, network-based defenses can't protect against rogue applications that may be running within a corporation's PCs or insiders who seek unauthorized access.

The new Blink software, which was first released last month, protects the network layer of the operating system against unusual activity — without relying on a list of attack "signatures," Raouf says. This preventive capability, plus eEye's new application- and system-level software firewalls, plus its Retina vulnerability assessment tool (which has been available in some form since 2000), have been combined to form Blink.

Guarding Against Behaviors Rather Than Signatures

Blink installs onto every server and client PC in a company. While a deployment this broad may be a daunting task for some large corporations, once Blink is widely installed it offers enterprise-wide managability with centralized dashboards and policy setting, eEye says. Adding these capabilities throughout a company, Raouf explains, offers the following benefits:

Defense Against "Zero-Day" Attacks. Blink's behavior-monitoring approach means that PCs running it are protected against new assaults, known as zero-day attacks, that take advantage of previously-unknown vulnerabilities for which no vendor patch is available. Using this technique, eEye's software was able to hold off such widespread exploits as Code Red and LSASS, Raouf says.

No More "Panic Patching." When patches for newfound security holes do become available from software publishers, it may not be necessary for enterprises running Blink to install those patches ona crash basis to prevent a successful intrusion. If Blink is already guarding against a particular hacker exploit, installation of the new patches can wait for the next regular maintenance cycle, saving labor and downtime costs.

Protecting Roaming Laptops. A mere "security perimeter" approach to defense is flawed because corporate workers routinely take their laptops and other portable devices outside the perimeter. When these devices return onsite and are again plugged into the local network, any Trojan-horse software they may have caught has an opportunity to probe across the LAN for vulnerabilities. Installing Blink on mobile devices defends them from attack when they're off the network.

eEye officials believe their new software approach offers better overall protection than other intrusion-prevention software. Enterprises seem to echo this confidence, with clients such as Citigroup, Prudential, the U.S. Dept. of Defense and many others filling eEye's roster. "Fifty percent of our revenue [from eEye's earlier products] comes from deals that are $100,000 and above" for first-year contracts, Raouf says.

The Battle Is Joined

To underline its belief in the superiority of its products, eEye has created a comparison chart that pits Blink against its competitors. The chart shows that eEye ranks Blink strongly vs. Cisco Security Agent, McAfee Entercept, ZoneLabs Integrity, ISS RealSecure, and four other products that vie for market share.

Jason Coombs, director of forensic services for security vendor PivX Solutions, disagrees that Blink has the best approach. PivX is not listed in eEye's competitive chart because its new IPS offering, Quik-Fix Pro, just began shipping on Aug. 16. But Coombs says his company's product has advantages over the layered approach Blink uses.

"In order to block the attack, Blink has to identify the attack," he explains. "We have the ability to solve the underlying vunerability that hackers would take advantage of." Quik-Fix Pro, Coombs says, acts like a series of patches for Microsoft Windows and numerous Windows applications that otherwise would be susceptible to stealthy intrusions.

Blink 1.0 has some of the rough spots associated with a new release, according to an Aug. 16 review by Reviewer Cameron Sturdevant found that Blink had trouble installing and reporting back to central management, and lacks integration with antivirus and other security software.

Blink lists for $56 per device on an annual basis, which drops to about $40 per device for installations of 500 or more. eEye is marketing Blink at this time only to customers with more than 500 machines, but a package for companies who want to protect as few as 10 machines will be available by the first quarter of 2005, Raouf adds. For more information, see eEye's Blink product page.

Quik-Fix Pro lists for $60 per PC and $500 per server. More information is available at

In this space next week, I'll bring you responses from other Blink competitors who have their own views of this rapidly changing field.

Brian Livingston is the editor of and the co-author of Windows Vista Secrets and 10 other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

Add to your favorites
Add to your browser search box
IE 7 | Firefox 2.0 | Firefox 1.5.x
Receive news via our XML/RSS feed

Executive Tech Archives



Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Whitepapers and eBooks
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Microsoft Article: 7.0, Microsoft's Lucky Version?
Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008
Avaya Article: How to Feed Data into the Avaya Event Processor
Microsoft Article: Install What You Need with Windows Server 2008
HP eBook: Putting the Green into IT
Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
Avaya Article: Setting Up a SIP A/S Development Environment
IBM Article: How Cool Is Your Data Center?
Microsoft Article: Managing Virtual Machines with Microsoft System Center
HP eBook: Storage Networking , Part 1
Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
Intel Video: Are Multi-core Processors Here to Stay?
On-Demand Webcast: Five Virtualization Trends to Watch
HP Video: Page Cost Calculator
Intel Video: APIs for Parallel Programming
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
Downloads and eKits
Sun Download: Solaris 8 Migration Assistant
Sybase Download: SQL Anywhere Developer Edition
Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
Red Gate Download: SQL Compare Pro 6
Iron Speed Designer Application Generator
Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
IBM Article: Collaborating in the High-Performance Workplace
HP Demo: StorageWorks EVA4400
Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
Microsoft How-to Article: Get Going with Silverlight and Windows Live