For solution providers and MSPs looking for a new way to make money and differentiate their offering in a "me-too" market, here is a new technology that can help your bottom line.
Responsible vulnerability disclosure seems to have lost its luster. Zero-day exploits are on the rise and Microsoft is increasingly forced to issue fixes outside of the "Patch Tuesday" cycle. Traditional pattern-matching technology to detect malware and intrusion just isn't going to cut it anymore.
The unfortunate trend of traditional antivirus companies considering viruses, Trojans, spyware and attacks as separate items requiring separate tools is over. It's time to say goodbye to the overstuffed—and more resource-intensive—desktop security software we've been forced to live with.
MSPs have worked hard to transfer ownership of desktop management from traditional time-and-materials to service-level-agreement-based pricing models. That also means that MSPs have transferred the risk of preventing malware infestations to those same SLA-based pricing models.
As they absorb that risk, pattern matching for malware and intrusion detection just isn't going to provide the risk protection MSPs—and their customers—are looking for in this world of zero-day exploits. It used to be that security intrusions on customers' networks meant time-and-materials billing dollars. In many cases, they now mean lower margins as the cost of cleanup is borne by the MSP. In the bigger picture, the real goal is to prevent the customer from incurring the cost of downtime in the first place.
eEye Digital Security is helping solution providers and MSPs meet this challenge with Blink Professional 3.0 with Anti-Virus, its end-point security offering. Through its innovative approach to protocol analysis, Blink is able to detect and block zero-day attacks that bypass standard signature-checking solutions. Priced at $1,129 for coverage of 20 assets, Blink has a small footprint and combines several protection methods in a single integrated application: system firewall, application firewall, intrusion prevention, antimalware, eEye's Retina vulnerability assessment, identity theft protection and IP white/black listing. All of this is based on protocol analysis and is backed up by traditional pattern matching.
As an example, Blink users were inherently protected from all five of the April 2007 Microsoft "critical" updates long before the vulnerabilities were ever discovered. As a matter of fact, since Blink was introduced, it has inherently protected against every Microsoft critical vulnerability that has been announced.
eEye is savvy enough not to promise that Blink will inherently protect against all future vulnerabilities as well, but Blink technology does provide a significant advantage, and greater nimbleness, over previous methods of antivirus protection.
So, what exactly makes Blink so different? It uses innovative protocol analysis and heuristics at the network-driver and file-system levels to determine if a particular request is malicious or not. It then uses pattern matching to determine the name of the attack that it just blocked. This is a game-changer. Blink has a very small footprint at only 66 Mbytes of RAM with all services fully configured, which is less than half of comparable hodgepodge pattern-matching solutions.
It also uses "sandboxing" to test-run applications in protected memory to see if they attempt any malicious behavior before allowing them to run in the core operating system. Sandboxing creates a protected, limited area in computer memory where applications are allowed to execute without risking damage to the system that hosts them.
