Security Vendors Defend Themselves Against Blink

What happens when a major computer security firm issues a report showing that
its latest software is vastly superior to other, competing products? The
subjects of that attack rise to their own defense, as though fighting off a new
Internet virus.

That’s the situation in a nutshell after eEye Digital Security recently
released a controversial comparison chart. The table asserts that eEye’s Blink 1.0
intrusion-prevention software (IPS) has numerous capabilities not found in
Cisco Security Agent, McAfee Entercept, Sygate Secure Enterprise, ISS
RealSecure, and four other IPS products.

Charting A Rocky Course

I wrote up eEye’s claims about Blink 1.0 in this space
last week. The new software suite, which was released
in July, is partly based on eEye’s respected Retina vulnerability scanner,
which debuted in 2000. But the new Blink bundle adds application- and
system-level firewalls, plus additional software that the company claims
will prevent hacker intrusions “based on the characteristics of an attack,
rather than the specific signature.”

eEye’s comparison chart, posted on
Blink’s product page, has inspired some of its competitors
to launch a few attacks of their own.

“Blink’s representation of what Entercept does is inaccurate and outdated,”
charges Zimal Solanki, McAfee’s director of product marketing for IPS products.

Besides strongly disagreeing with the eEye chart, McAfee spokespeople say their
security software has many features that eEye left out of the comparison
entirely. According to Patrick Bedwell, Entercept’s product marketing manager,
these include the following:

• Levels of Protection.
“We include a number of defined signatures in our product that eEye doesn’t,”
Bedwell maintains. “For some of the well-defined attacks, you really need to
have those signatures in place.”

• Scalability.
McAfee’s products have been well-tested in the line of fire in large
enterprises, Bedwell says. “We currently have about 30 million desktops
worldwide being monitored by
ePO,” the company’s ePolicy Orchestrator security
management tool, he indicates.

• Manageability.
McAfee’s software has evolved to respect the policies that exist within
enterprises of various sizes, Bedwell says. He contrasted that with the new
Blink 1.0, saying, “Their management console requires administrative
privileges, which low-level admins don’t always have.”

Securing the Enterprise, Computer By Computer

Spokespeople for Sygate Technologies, the makers of Sygate Secure Enterprise
(SSE) were even more adamant that their product had been
misrepresented and is, if anything, more capable than Blink.

“All of the functionality they say we don’t offer on that list, we actually
do,” flatly states Maritza Perez, product manager for SSE.

Bill Scull, SVP of Sygate, added his own list of features that he said his
company’s products offered that didn’t make it into eEye’s comparison:

• Enforcement.
“You might say, Here’s a list of things I want to be ‘on’ before this machine
can connect to my network,” Scull says. “You might want to make sure IM
[instant messaging] is off, that peer-to-peer networking is off, and that
there are other applications that are on.” Corporate policy might require that
an antivirus program be running and up-to-date on a roaming worker’s laptop,
for example, before it’s allowed to access the home network.

• Adaptive Policy.
“You might want a different policy when you’re connecting wirelessly from
Starbucks than when you’re inside the corporate firewall,” Scull points out.

• Performance And Monitoring Across The Enterprise.
Sygate’s largest customer has 250,000 devices under central management,
according to Scull. “When you need to scale to a quarter-million end points,
there are a lot of things you need to do.” Sygate recently has
announced deals ensuring interoperability in
multi-vendor environments, a benefit for corporations with mixed networks.

• Automatic Remediation.
When devices are found to be out of compliance with one security requirement
or another, Scull says, Sygate’s products are equipped to update many of them.
“The purpose is to make sure the computer is up-to-date before it connects to
the network,” Scull says. Remediation is an entire category eEye left out
of its comparison chart, he notes.

Finding Oneself in the eEye of a Storm

In a follow-up interview, eEye COO Firas Raouf acknowledged that Blink 1.0
doesn’t itself handle end-point updating.

“If a machine does not meet that level of security,” Raouf says, Blink can
“lock down that machine even further, or it can notify the Retina Remediation
Manager,” which is a separate product. “Over time, those two products will converge
into a single agent,” he said, adding that some corporations prefer to use
their own update-management software.

Thor Larholm, senior security researcher for
PivX Security
Solutions, a competitor to eEye that wasn’t mentioned in the comparison
chart, feels Blink brings to the industry fairly few new technologies. The
capability that does intrigue Larholm, after reading eEye’s white papers on the
subject, is the claim that Blink can prevent process-based buffer overflows,
a vulnerability that’s popular with hackers who seek to plant rogue programs
on PCs.

“That’s the only one from our point of view that’s at all interesting,”
Larholm says. “But that’s also the one that we have the least technical
information about. All of the other capabilities we see in other products.”

PivX’s own product, Qwik-Fix Pro, which was released on Aug. 16, “eliminates
specific vulnerabilities” in Windows, says director of forensic services
Jason Coombs. “Any attack that targets the vulnerability will fail before it
can take root.”

Conclusion

eEye has a well-deserved reputation for the benefits of Retina and the firm’s
other products and services. In a hot IPS market that’s rapidly growing in size
and importance, it’s understandable that security providers have their elbows
out to defend their reputations and customer bases.

Which IPS system truly is the best? That call will have to await independent
testing — which is just now getting underway, considering that some
of these products have been available only for weeks, not months. Until then,
my advice is, “Don’t believe everything you read on the Internet.”

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020