Images Events Jobs Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
IT Management Webcasts:
The Role of Security in IT Service Management

Preparing for an IT Audit

More Webcasts

Search EarthWeb Network

Be a Commerce Partner
Hurricane Shutters
Promos and Premiums
Domain registration
Condos For Sale
Boat Donations
Compare Prices
Rackmount LCD Monitor
Find Software
Web Design
Corporate Awards
Send Text Messages
Laptop Batteries
Logo Design

Linked Data Planet Conference & Expo

IT Management : Columns : Executive Tech: Security Vendors Defend Themselves Against Blink

Install What You Need with Windows Server 2008
Windows Server 2008 is Microsoft's most full-featured server operating system yet, so it's ironic that one of its most exciting new features is an install option that cuts out most of the other features. Paul Rubens explores why a Server Core installation makes a great deal of sense in many instances. »

Identify Hardware and Software That Meet Microsoft Standards
The "Certified for Windows. Server 2008" logo identifies hardware and software solutions that meet Microsoft standards for compatibility and best practices with the Windows Server 2008 operating system. »

Windows Server Catalog: Certified Hardware Devices
Search the Windows Server 2008 catalog to find solutions to deploy with confidence. »

Windows Server Catalog: Certfied Servers
Search the Windows Server 2008 catalog to find servers you can deploy with confidence. »

Download the Windows Server 2008 Trial
With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a secure network infrastructure, and increase technological efficiency and value within your organization. »

Related Articles
Preventing Attacks From Subverting Your Network
Defending IT in an Evolving Battlefield
Online Phishing Scams Exploding
Blaming Users for Virus Chaos?
- ITSMWatch Newsletter -
Tech Focus: Security

Cybersecurity: Laws Only Go So Far

Mozilla Firefox vs. Internet Explorer: Which is Safer?

Is Your Blog Leaking Trade Secrets?

The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip?

Stopping Spammers at The Point of Sale

Product Watch
IOGEAR KVM - Includes Audio/Peripheral Sharing
Coverity Prevent / Coverity Thread Analyzer - Analyze Source Code For Defects, Security Vulnerabilities
USSD Series - SDRAM-Based Solid State Drives to 256 GB
UltraSMS - Send SMS From Your PC
Sentinel Sensors - Wi-Fi Based Temperature Monitoring Especially For Cold Storage

more products >>

Datamation Definitions
data mining
grid computing
network appliance
FREE Tech Newsletters

Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers. Download this whitepaper now and get a chance to receive FREE XenServer HP Select Edition Software. Sponsored by HP, Citrix, and Intel.

Security Vendors Defend Themselves Against Blink
August 31, 2004
By Brian Livingston

Brian Livingston What happens when a major computer security firm issues a report showing that its latest software is vastly superior to other, competing products? The subjects of that attack rise to their own defense, as though fighting off a new Internet virus.

That's the situation in a nutshell after eEye Digital Security recently released a controversial comparison chart. The table asserts that eEye's Blink 1.0 intrusion-prevention software (IPS) has numerous capabilities not found in Cisco Security Agent, McAfee Entercept, Sygate Secure Enterprise, ISS RealSecure, and four other IPS products.

Charting A Rocky Course

I wrote up eEye's claims about Blink 1.0 in this space last week. The new software suite, which was released in July, is partly based on eEye's respected Retina vulnerability scanner, which debuted in 2000. But the new Blink bundle adds application- and system-level firewalls, plus additional software that the company claims will prevent hacker intrusions "based on the characteristics of an attack, rather than the specific signature."

eEye's comparison chart, posted on Blink's product page, has inspired some of its competitors to launch a few attacks of their own.

"Blink's representation of what Entercept does is inaccurate and outdated," charges Zimal Solanki, McAfee's director of product marketing for IPS products.

Besides strongly disagreeing with the eEye chart, McAfee spokespeople say their security software has many features that eEye left out of the comparison entirely. According to Patrick Bedwell, Entercept's product marketing manager, these include the following:

Levels of Protection. "We include a number of defined signatures in our product that eEye doesn't," Bedwell maintains. "For some of the well-defined attacks, you really need to have those signatures in place."

Scalability. McAfee's products have been well-tested in the line of fire in large enterprises, Bedwell says. "We currently have about 30 million desktops worldwide being monitored by ePO," the company's ePolicy Orchestrator security management tool, he indicates.

Manageability. McAfee's software has evolved to respect the policies that exist within enterprises of various sizes, Bedwell says. He contrasted that with the new Blink 1.0, saying, "Their management console requires administrative privileges, which low-level admins don't always have."

Securing the Enterprise, Computer By Computer

Spokespeople for Sygate Technologies, the makers of Sygate Secure Enterprise (SSE) were even more adamant that their product had been misrepresented and is, if anything, more capable than Blink.

"All of the functionality they say we don't offer on that list, we actually do," flatly states Maritza Perez, product manager for SSE.

Bill Scull, SVP of Sygate, added his own list of features that he said his company's products offered that didn't make it into eEye's comparison:

Enforcement. "You might say, Here's a list of things I want to be 'on' before this machine can connect to my network," Scull says. "You might want to make sure IM [instant messaging] is off, that peer-to-peer networking is off, and that there are other applications that are on." Corporate policy might require that an antivirus program be running and up-to-date on a roaming worker's laptop, for example, before it's allowed to access the home network.

Adaptive Policy. "You might want a different policy when you're connecting wirelessly from Starbucks than when you're inside the corporate firewall," Scull points out.

Performance And Monitoring Across The Enterprise. Sygate's largest customer has 250,000 devices under central management, according to Scull. "When you need to scale to a quarter-million end points, there are a lot of things you need to do." Sygate recently has announced deals ensuring interoperability in multi-vendor environments, a benefit for corporations with mixed networks.

Automatic Remediation. When devices are found to be out of compliance with one security requirement or another, Scull says, Sygate's products are equipped to update many of them. "The purpose is to make sure the computer is up-to-date before it connects to the network," Scull says. Remediation is an entire category eEye left out of its comparison chart, he notes.

Finding Oneself in the eEye of a Storm

In a follow-up interview, eEye COO Firas Raouf acknowledged that Blink 1.0 doesn't itself handle end-point updating.

"If a machine does not meet that level of security," Raouf says, Blink can "lock down that machine even further, or it can notify the Retina Remediation Manager," which is a separate product. "Over time, those two products will converge into a single agent," he said, adding that some corporations prefer to use their own update-management software.

Thor Larholm, senior security researcher for PivX Security Solutions, a competitor to eEye that wasn't mentioned in the comparison chart, feels Blink brings to the industry fairly few new technologies. The capability that does intrigue Larholm, after reading eEye's white papers on the subject, is the claim that Blink can prevent process-based buffer overflows, a vulnerability that's popular with hackers who seek to plant rogue programs on PCs.

"That's the only one from our point of view that's at all interesting," Larholm says. "But that's also the one that we have the least technical information about. All of the other capabilities we see in other products."

PivX's own product, Qwik-Fix Pro, which was released on Aug. 16, "eliminates specific vulnerabilities" in Windows, says director of forensic services Jason Coombs. "Any attack that targets the vulnerability will fail before it can take root."


eEye has a well-deserved reputation for the benefits of Retina and the firm's other products and services. In a hot IPS market that's rapidly growing in size and importance, it's understandable that security providers have their elbows out to defend their reputations and customer bases.

Which IPS system truly is the best? That call will have to await independent testing — which is just now getting underway, considering that some of these products have been available only for weeks, not months. Until then, my advice is, "Don't believe everything you read on the Internet."

Brian Livingston is the editor of and the co-author of Windows Vista Secrets and 10 other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

Add to your favorites
Add to your browser search box
IE 7 | Firefox 2.0 | Firefox 1.5.x
Receive news via our XML/RSS feed

Executive Tech Archives



Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Whitepapers and eBooks
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Microsoft Article: 7.0, Microsoft's Lucky Version?
Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008
Avaya Article: How to Feed Data into the Avaya Event Processor
Microsoft Article: Install What You Need with Windows Server 2008
HP eBook: Putting the Green into IT
Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
Avaya Article: Setting Up a SIP A/S Development Environment
IBM Article: How Cool Is Your Data Center?
Microsoft Article: Managing Virtual Machines with Microsoft System Center
HP eBook: Storage Networking , Part 1
Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
Intel Video: Are Multi-core Processors Here to Stay?
On-Demand Webcast: Five Virtualization Trends to Watch
HP Video: Page Cost Calculator
Intel Video: APIs for Parallel Programming
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
Downloads and eKits
Sun Download: Solaris 8 Migration Assistant
Sybase Download: SQL Anywhere Developer Edition
Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
Red Gate Download: SQL Compare Pro 6
Iron Speed Designer Application Generator
Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
IBM Article: Collaborating in the High-Performance Workplace
HP Demo: StorageWorks EVA4400
Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
Microsoft How-to Article: Get Going with Silverlight and Windows Live