Two security vendors renowned for their vulnerability research have each developed tools designed to eliminate the panicked rush of patching that administrators face whenever a new software flaw is discovered.
PivX Solutions LLC and eEye Digital Security Inc. have developed tools that automatically deploy fixes and workarounds to prevent attackers from exploiting newly discovered vulnerabilities. The products are not a replacement for patching but are intended to protect vulnerable machines until patches are available and give IT staffs the option of patching at a convenient time.
The solution due this week from eEye, dubbed Blink, is a multifaceted package that includes application and network firewalls and a host vulnerability assessment component. The system performs periodic scans of protected assets to gauge their level of vulnerability to flaws in Microsoft Corp.s products. Because it is a network-layer tool, Blink can capture and scan all packets destined for a protected device for potentially dangerous traffic.
Administrators manage the solution from a central console and can deploy Blink agents remotely from the console. Officials at eEye said the development of Blink was spurred by requests from security operators who said they could no longer keep up with the flood of patches.
“The big companies have been telling us they dont want to deploy patches,” said Firas Raouf, chief operating officer of eEye, in Aliso Viejo, Calif.
Some customers said Blink has given them the freedom to deploy patches on a regular schedule and not have to interrupt business operations to do so. “I dont want to have to go through slam-dunking patches onto critical machines without doing the regression testing,” said Andre Gold, director of information security at Continental Airlines Inc., in Houston, which has been testing Blink. “Were able to drastically increase security without increasing the burden on our staff or the network.”
PivX, of Newport Beach, Calif., has taken a slightly different approach with Qwik-Fix Pro, due next month. When PivX researchers discover or get word of a new vulnerability in Windows or Internet Explorer, the team analyzes the problem and develops a workaround, or interim, solution. The fix is sent automatically to Qwik-Fix users through a central management console.
None of the fixes makes permanent changes, so administrators have the option of turning the remedies off. PivX maintains an update server, which distributes the fixes, but large customers will have the option of deploying a server in their own networks.