Product review: eEye Digital Security's Blink Professional 3.0

ENDPOINT SECURITY


Blink Professional 3.0
REVIEWED BY STEVEN WEIL

eEye Digital Security
Price: $59 per computer per year

Antivirus software is no longer enough to protect your company's computers. Proliferating laptops, desktops and critical servers face threats on many fronts: malware; insecure protocols and applications; lost, stolen or misused portable storage devices; and network traffic. Host IPS, antivirus and storage device control programs can mitigate certain threats, but they force security managers to install and manage multiple applications.

eEye's Blink Professional 3.0 is among the increasing number of host-based endpoint security products that use a layered, consolidated approach to defend Windows computers against different attacks.


Configuration/Management: B
Following eEye's well-written documentation, we were able to quickly and easily install Blink. Blink's interface is intuitive and easy to use; we were able to effectively navigate among the many local settings.

We liked the well-designed wizard programs that are used to create rules and signatures. We also liked being able to add references, such as CVE and Bugtraq IDs, to IPS rules. Blink can be configured to automatically check for software and signature updates.


Policy Control: B
Blink deploys a single agent and common management for its multiple security capabilities: a host firewall that monitors inbound and outbound traffic; an application firewall that controls the network activity of installed applications; signature- and protocol analysis-based host intrusion prevention; antimalware protection against worms, viruses and spyware; antiphishing capabilities; system protection against buffer overflows; and controls over which applications may access the registry and/or be launched.

Blink can also block the use of storage devices, such as USB flash drives, and conduct local vulnerability assessment scans.

Security managers can configure Blink locally, or configure it to regularly check and download a centralized policy. Blink can also be integrated with eEye's REM Security Management Console for creation and management of dynamic policies. It also centralizes logging.

We were able to create numerous granular firewall rules, IPS signatures and system protection rules, which defined the actions to be taken (allow, log, block, alert).


Effectiveness: A
Blink did an excellent job of protecting host computers. We ran numerous manual and automated attacks against our test computers; our attacks included sending malicious data and executing unexpected protocol actions. Blink always took the correct action, such as blocking or logging attacks. Permitted traffic was correctly allowed. Blink also correctly blocked the use of prohibited storage devices and detected malware we installed on the test computers.


Reporting: B
Integration with REM enhances Blink's reporting abilities. In standalone mode, Blink locally logs system, firewall and IPS events, and can send SNMP traps. Individual log events are easy to understand, but the logs can only be exported as a .csv file.

Via Blink's local event log interface, an administrator can select an individual log event and, as appropriate, block an IP address, go to the rule that logged the event or create a new rule in response to an event, such as allowing traffic that was blocked. Administrators can configure Blink to pop up a user alert when a specific event occurs, such as an RDP connection to a server.

Blink also generates useful reports after an antimalware and/or vulnerability assessment scan is run, but they cannot be exported.


Verdict
Blink is well-designed, and its multilayered approach makes it a good choice for protecting Windows computers throughout an organization.


Testing methodology: Our test network included a Windows 2003 laptop, an unmanaged switch and three Windows 2003 servers.

This was first published in June 2007
