Information Security

Defending the digital infrastructure


Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Product review: eEye Digital Security's Blink Professional 3.0

eEye Digital Security's Blink Professional 3.0 is a host-based multi-layered threat mitigation and intrusion prevention product for protecting Windows computers. This product reviews evalutes the software's effectiveness and management, policy control and reportinf features.


Blink Professional 3.0

eEye Digital Security
Price: $59 per computer per year



Antivirus software is no longer enough to protect your company's computers. Prolific laptops, desktops and critical servers are facing threats from many fronts: malware; insecure protocols and applications; lost, stolen or misused portable storage devices; and network traffic. Host IPS, antivirus and storage device control programs can mitigate certain threats, but force security managers to install and manage multiple applications.

eEye's Blink Professional 3.0 is among the increasing number of host-based endpoint security products that use a layered, consolidated approach to defend Windows computers against different attacks.

Configuration/Management B  
Following eEye's well-written documentation, we were able to quickly and easily install Blink. Blink's interface is intuitive and easy to use; we were able to effectively navigate among the many local settings.

We liked the well-designed wizard programs that are used to create rules and signatures. We also liked being able to add references, such as CVE and Bugtraq IDs, to IPS rules. Blink can be configured to automatically check for software and signature updates.

Policy Control B  
Blink deploys a single agent and common management of its multiple security capabilities: a host firewall, monitoring inbound and outbound traffic; an application firewall that controls the network activity of installed applications; signature- and protocol analysis-based host intrusion prevention; antimalware protection against worms, viruses and spyware; antiphishing capabilities; system protection against buffer overflows; and controls over which applications may access the registry and/or be launched.

Blink can also block the use of storage devices, such as USB flash drives, and conduct local vulnerability assessment scans.

Security managers can configure Blink locally, or configure it to regularly check and download a centralized policy. Blink can also be integrated with eEye's REM Security Management Console for creation and management of dynamic policies. It also centralizes logging.

We were able to create numerous granular firewall rules, IPS signatures and system protection rules, which defined the actions to be taken (allow, log, block, alert).

Effectiveness A  
Blink did an excellent job of protecting host computers. We ran numerous manual and automated attacks against our test computers; our attacks included sending malicious data and executing unexpected protocol actions. Blink always took the correct action, such as blocking or logging attacks. Permitted traffic was correctly allowed. Blink also correctly blocked the use of prohibited storage devices and detected malware we installed on the test computers.

Reporting B  
Integration with REM enhances Blink's reporting abilities. In standalone mode, Blink locally logs system, firewall and IPS events, and can send SNMP traps. Individual log events are easy to understand, but the logs can only be exported as a .csv file.

Via Blink's local event log interface, an administrator can select an individual log event and, as appropriate, block an IP address, go to the rule that logged the event or create a new rule in response to an event, such as allowing traffic that was blocked. Administrators can configure Blink to pop up a user alert when a specific event occurs, such as an RDP connection to a server.

Blink also generates useful reports after an antimalware and/or vulnerability assessment scan is run, but they cannot be exported.

Blink is well-designed, and its multilayered approach makes it a good choice for protecting Windows computers throughout an organization.

Testing methodology: Our test network included a Windows 2003 laptop, an unmanaged switch and three Windows 2003 servers.

Article 7 of 13
This was last published in June 2007

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All