Product review: eEye Digital Security's Blink Professional 3.0 - Information Security Magazine

Product review: eEye Digital Security's Blink Professional 3.0

ENDPOINT SECURITY


Blink Professional 3.0
REVIEWED BY STEVEN WEIL

eEye Digital Security
Price: $59 per computer per year

@exb

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.
@exe

Antivirus software is no longer enough to protect your company's computers. Prolific laptops, desktops and critical servers are facing threats from many fronts: malware; insecure protocols and applications; lost, stolen or misused portable storage devices; and network traffic. Host IPS, antivirus and storage device control programs can mitigate certain threats, but force security managers to install and manage multiple applications.

eEye's Blink Professional 3.0 is among the increasing number of host-based endpoint security products that use a layered, consolidated approach to defend Windows computers against different attacks.


Configuration/ManagementB  
Following eEye's well-written documentation, we were able to quickly and easily install Blink. Blink's interface is intuitive and easy to use; we were able to effectively navigate among the many local settings.

We liked the well-designed wizard programs that are used to create rules and signatures. We also liked being able to add references, such as CVE and Bugtraq IDs, to IPS rules. Blink can be configured to automatically check for software and signature updates.


Policy ControlB  
Blink deploys a single agent and common management of its multiple security capabilities: a host firewall, monitoring inbound and outbound traffic; an application firewall that controls the network activity of installed applications; signature- and protocol analysis-based host intrusion prevention; antimalware protection against worms, viruses and spyware; antiphishing capabilities; system protection against buffer overflows; and controls over which applications may access the registry and/or be launched.

Blink can also block the use of storage devices, such as USB flash drives, and conduct local vulnerability assessment scans.

Security managers can configure Blink locally, or configure it to regularly check and download a centralized policy. Blink can also be integrated with eEye's REM Security Management Console for creation and management of dynamic policies. It also centralizes logging.

We were able to create numerous granular firewall rules, IPS signatures and system protection rules, which defined the actions to be taken (allow, log, block, alert).


EffectivenessA  
Blink did an excellent job of protecting host computers. We ran numerous manual and automated attacks against our test computers; our attacks included sending malicious data and executing unexpected protocol actions. Blink always took the correct action, such as blocking or logging attacks. Permitted traffic was correctly allowed. Blink also correctly blocked the use of prohibited storage devices and detected malware we installed on the test computers.


ReportingB  
Integration with REM enhances Blink's reporting abilities. In standalone mode, Blink locally logs system, firewall and IPS events, and can send SNMP traps. Individual log events are easy to understand, but the logs can only be exported as a .csv file.

Via Blink's local event log interface, an administrator can select an individual log event and, as appropriate, block an IP address, go to the rule that logged the event or create a new rule in response to an event, such as allowing traffic that was blocked. Administrators can configure Blink to pop up a user alert when a specific event occurs, such as an RDP connection to a server.

Blink also generates useful reports after an antimalware and/or vulnerability assessment scan is run, but they cannot be exported.


Verdict
Blink is well-designed, and its multilayered approach makes it a good choice for protecting Windows computers throughout an organization.


Testing methodology: Our test network included a Windows 2003 laptop, an unmanaged switch and three Windows 2003 servers.

This was first published in June 2007