This article can also be found in the Premium Editorial Download "Information Security magazine: How to tell if you need the help of security integrators and consultants."
Blink Professional 3.0
REVIEWED BY STEVEN WEIL
eEye Digital Security
Price: $59 per computer per year
Antivirus software is no longer enough to protect your company's computers. Prolific laptops, desktops and critical servers face threats on many fronts: malware; insecure protocols and applications; lost, stolen or misused portable storage devices; and network traffic. Host IPS, antivirus and storage device control programs can mitigate certain threats, but they force security managers to install and manage multiple applications.
eEye's Blink Professional 3.0 is among the increasing number of host-based endpoint security products that use a layered, consolidated approach to defend Windows computers against different attacks.
We liked the well-designed wizard programs that are used to create rules and signatures. We also liked being able to add references, such as CVE and Bugtraq IDs, to IPS rules. Blink can be configured to automatically check for software and signature updates.
Blink can also block the use of storage devices, such as USB flash drives, and conduct local vulnerability assessment scans.
Security managers can configure Blink locally, or configure it to regularly check and download a centralized policy. Blink can also be integrated with eEye's REM Security Management Console for creation and management of dynamic policies. It also centralizes logging.
We were able to create numerous granular firewall rules, IPS signatures and system protection rules, which defined the actions to be taken (allow, log, block, alert).
Via Blink's local event log interface, an administrator can select an individual log event and, as appropriate, block an IP address, go to the rule that logged the event or create a new rule in response to an event, such as allowing traffic that was blocked. Administrators can configure Blink to pop up a user alert when a specific event occurs, such as an RDP connection to a server.
Blink also generates useful reports after an antimalware and/or vulnerability assessment scan is run, but they cannot be exported.
Testing methodology: Our test network included a Windows 2003 laptop, an unmanaged switch and three Windows 2003 servers.
This was first published in June 2007