eEye Digital Securitys Blink Professional 3.0 centralized endpoint protection software offers enterprises a broad palette of tools to defend their Windows-based client systems.
Blink Professional 3.0 has come a long way since we reviewed its debut edition in 2004. In particular, were pleased with the anti-virus capabilities that eEye has built into the product, as well as with Blinks integration with eEyes REM event manager and central policy management component.
Blink Professional 3.0 is priced at $59 per computer per year, compared to approximately $12 per system per year for Microsofts Forefront security tools. Blinks higher license costs, however, buy security functionality, compared to Microsofts more modestly appointed offering. Blinks included services range from system and application firewalls to anti-virus, anti-spyware, and anti-phishing safeguards, as well intrusion prevention, removable storage device controls and vulnerability scanning.
Whats more, our tests—which involved real viruses, Trojans, compromised screen savers and key logging malware supplied to us by client security provider Robot Genius—showed Blink Professional 3.0 to be quite effective at preventing malware from gaining a foothold on our systems. When we tried to copy infected files onto the Windows XP systems on which wed installed Blink Professional 3.0, we were duly warned that malware had been detected by the Blink client firewall. While we liked the Blink client, we suggest that IT managers plan on spending several weeks in pilot mode with the Blink client to work out potential kinks before deploying it.
The eEye REM console starts at $4,995 for the first 500 nodes and $5 per additional protected system. eEye also offers Blink Enterprise Edition, which combines Blink Professional 3.0 and REM together for $65 per node. Volume pricing discounts are available.
Blink in Action
Blink Professional 3.0s modules performed well overall in our tests, but based on our testing, the strongest components in the Blink suite are its firewall, intrusion prevention and vulnerability assessment tools. We were also particularly impressed with Blinks anti-virus and anti-spyware heuristics tools, which are now integrated sandboxing technology from anti-virus vendor Norman Data Defense.
Blink Professional 3.0s firewall protection, which we tested in place of Windows built-in firewall, proved amply able to withstand attacks from infected systems on our test network. The Blink firewall starts in passive mode, in which it allows all requests for which it does not have a rule. The default configuration comes with seven of 15 built-in rules turned on. These include exceptions to allow such traffic as IP Security, ICMP (Internet Control Message Protocol) and TCP connections. Security managers should carefully review the default rules and spend time learning what applications users—especially those who travel outside the protected network perimeter—need and how the applications communicate. Adding and modifying rules was simple to do on the client or through eEyes REM console.
The vulnerability assessments that Blink Professional 3.0 prepared after scanning our systems were thorough and easy to understand. Vulnerability assessment on individual systems can be centralized in eEyes Retina system to provide an enterprise view of the vulnerability landscape—we did not test Retina for this review, however. The standalone vulnerability assessment reports that Blink created for our test systems provided us with a wealth of information that paired detailed descriptions of system vulnerabilities with links to outside sources such as CERT on how to remediate the weaknesses.
The firewall and intrusion prevention modules are well developed, although they depend a great deal on rigid rules to provide system defense. The large rule collections included in the Blink Professional 3.0 should provide enough protection to keep road warriors up and running. Security mangers will need to run updates at least weekly to get new rules from eEye. The update process was simple to use and took less than 30 seconds to complete even for newly configured systems that were getting updated for the first time.
We could collect and analyze information about vulnerabilities, malware and firewall use through the REM Events Management console. REM data, which we collected from our Blink-equipped clients, can also be combined with Retina vulnerability assessment information to create reports that show which clients are most vulnerable to attack. Security managers also can have this vulnerability information integrated with most network management framework products including CAs Unicenter, Hewlett-Packards OpenView and IBMs Tivoli systems.
The weakest links we found were in the system protection and identity theft modules. In both cases, the modules looked like they were off to promising starts but fell short of the polish we expect from a finished product. In particular, IT managers will need to devote significant resources to rounding out the puny collection of rules we found when we installed the Blink client.
System protection is equipped with just three rules, two dealing with Microsofts Internet Explorer and one with Visual Studio 2005. This module also controls execution protection, which shipped empty of default rules. The most useful component of system protection is the registry protection module, which worked well for us at tracking changes to the Windows registry.
The identity theft module is composed of anti-phishing rules that monitor Web pages for a variety of problems with links and IE exploits. The module would better serve users if it were renamed the Web site checking tool. eEye should consider adding some rudimentary outbound checks to see if data matches simple identifiers such as Social Security Number and other user credentials to bring the identity theft module up to snuff.
Technical Director Cameron Sturdevant can be reached at [email protected].
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.