eEye Blink Professional Edition Overview:

Forget panic-patching. Make zero day attacks a non-event.

Blink Professional client security delivers integrated multi-layered endpoint protection. Blink is a single, lightweight client that replaces multiple security agents, protecting against known exploits, zero day attacks, and all other attack vectors.

While signature-based anti-virus continues to be the primary endpoint protection mechanism in use today, there is a major shift occurring towards integrated threat management to enhance security. Desktop administrators are constantly struggling to prevent attacks against unpatched endpoints and are tired of installing new agents each time a spyware, phishing attack, remote exploit, or other new threat is identified. Using standalone anti-virus is a tactical approach that drains system resources, depletes IT budgets and fails to prevent zero-day attacks.

Complicating the endpoint security equation further is the breakdown of client-server network architectures. As mainstream adoption of virtualization, mobile, wireless and remote access technologies force the traditional network perimeter to dissolve, the opportunity for worms and viruses to propagate has increased dramatically. In response, perimeter and network security capabilities are increasingly required on host endpoints.

Award-Winning Antivirus
Blink Professional delivers single, lightweight, industrial strength agent, integrating antivirus, antispyware, vulnerability assessment, desktop firewalls, plus intrusion prevention.

• Integrated Client Security Agent - Integrated antivirus, antispyware, antiphishing, plus firewall technologies.
• Automatic System Protection - Complete system, registry, buffer overflow, and rootkit protection.
• Resource Efficient Security Client - Extremely lightweight, the Blink endpoint protection agent runs at around 66MB.
• Centralized Policy Enforcement - Single policy for all security components.

Tired of panic patching? - Blink Professional Client Security protects your business systems without the need for patches or signatures. Blink's integrated vulnerability assessment and intrusion prevention technologies provide protection beyond traditional antivirus-only products. Blink protects from zero day attacks, viruses, spyware, phishing attempts, and so much more.

Has your current antivirus product failed you? - Blink Professional Client Security protects you where other antivirus software products fail. Unlike traditional antivirus-only products, Blink integrates government-proven vulnerability assessment and intrusion prevention technologies along with award-winning antivirus and antispyware technologies, providing the most complete endpoint protection available.

Too many security agents, policies, and consoles? - Blink Professional Client Security integrates the most layers of protection into a single, lightweight security agent. Blink takes away the pain of having to install multiple security agents, configure multiple security policies, and manage varied and disjointed security incidents through multiple security consoles.

Too many resources required to run your security agents? - Blink Professional provides the best client security protection with the least impact on system resources. Gone are the days of client security "bloatware" - Blink delivers integrated, award-winning, and industry-proven security technologies, designed to be lightweight from the beginning. No monopolistic technology acquisitions or failed attempts at jamming in unnecessary management capabilities - just industry-recognized development best-practices resulting in the best software infrastructure possible.

Integrated Threat Management: Complete Endpoint Protection

To enhance endpoint security and combat threats in real-time, organizations are migrating off of standalone anti-virus and adopting integrated threat management instead. Blink 4.0 from eEye Digital Security, combines multiple-layers of endpont security capabilities and leverages a host-based intrusion prevention engine that dynamically collects and incorporates new threat data in real-time. Since the product was launched in 2006, it has successfully thwarted 100% of remote intrusion attempts. Blink 4.0 provides a complete endpoint protection platform with full-featured integrated threat management capabilities. Blink 4.0 delivers a host of positive business benefits:

• Layered security protection that optimizes defense against viruses, spyware, worms, Trojans, and other malicious zero-day exploits
   
• The ability to consolidate 5+ discrete endpoint security agents into 1 Blink 4.0 agent and reap significant administrative time savings in the process
   
• Reduce system resource requirements by over 50% compared to the memory footprint fo maintaining 5+ discrete endpoint security products
   
• Reduce endpoint security costs by over 50% by eliminating the licensing and support costs associated with buying and maintaining multiple endpoint security products
   
• Gain centralized policy control over applications, system resources, and removable storage devices
   
• Combine Blink 4.0 with REM, eEye's Security Management Console, to obtain centralized attack, risk, vulnerability and overall security management

Features and Benefits:

1. Protects against Viruses, Spyware, Trojans, Keystroke Loggers, and other Malware
Blink protects from malicious applications in real time, as well as providing full disk scanning capabilities by using three layers of protection: signatures, heuristics, and sandbox engine technology.

2. Stops the Propagation of Worms and Viruses
In addition to protecting from attacks, Blink stops new or current infections by slowing or stopping the attack as it moves across the network and protecting one trusted host on the network from infecting another.

3. Protection for (and from) Mobile Users
Mobile users are outside the corporate firewall and must be protected when they connect at airports, hotels, partner sites, and even at home. Once they return to the corporate network, Blink dynamically changes policies to provide maximum protection while away, and trusted connections while in the office, ensuring proper protection where ever they go.

4. Policy and Regulatory Compliance Enforcement
Blink regulates the use of non-approved applications and report any changes to a host that would impact compliance. In addition, the local Retina vulnerability assessment engine built into Blink reports health and status for all regulatory compliance initiatives.

5. Scalable and Centralized Control with the REM Security Management Console
Using the REM Security Management Console, Blink can be managed with little or no end-user intervention as part of your entire threat management strategy. REM provides the ability to deploy agents, maintain policies, and report on all of the Blink agents from a single web-based interface. In addition, REM is available as an appliance or software to meet the individual business requirements of any organization.

Features:

Integrated Client Security Agent - Integrated antivirus, antispyware, antiphishing, plus firewall technologies.

Integrated Endpoint Protection - Host vulnerability assessment, intrusion prevention, plus intrusion detection.

Automatic System Protection - Complete system, registry, buffer overflow, plus rootkit protection.

Resource Efficient Security Client - Extremely lightweight, the Blink endpoint protection agent runs at around 66MB.

Prevent Panic Patching - Protects without the need for patches or signatures.

Centralized Policy Enforcement - Single, integrated policy for all security components.

Removable Storage Policy - Prevent data leakage through storage device control (such as USB and FireWire).

Network-Aware Policies - Dynamically set policies and configuration settings based on physical network location.

Additional Futures and Benefits:

Firewall Protection - Blink performs traditional firewall duties, allowing or denying traffic based on a set of predetermined rules. Blink also monitors the source of network traffic in real time and only allows traffic from authorized applications, preventing unauthorized programs from making illegal outbound connections.

Virus and Spyware Protection - Blink provides complete signature and heuristics-based attack protection. Using patented sandbox technology, Blink actively blocks malicious activity from being loaded into memory. Signatures provide an additional protection layer but Blink is not signature dependent and can stop new attacks as they are released without the need for updates.

Intrusion Prevention - Blink provides protection where a vendor has not yet created signatures or patches to protect against vulnerabilities in their operating system or application. Blink blocks "zero-day" attacks that bypass traditional signature-based solutions, eliminating the need or use of specific attack signatures.

System Protection - Blink provides control over which applications are allowed to function by authorizing or denying program file execution. Registry Protection prevents specific registry settings from being modified, stopping malicious programs from infecting or modifying systems. Storage Protection prevents data leakage by regulating USB and Firewire storage devices.

REM Security Management Console - Combined with REM, the integrated solution provides event and state analysis capabilities along with security and compliance reporting. The REM Security Management Console integrates attack-related information with local and network vulnerability assessment data, providing a complete security picture.

Active X Protection - Blink Active X protection is based on Patent Pending technology that blocks threats at the lowest common denominator attack vector. This occurs by interfacing with the ActiveX system itself and using heuristics, signatures, and identification of suspicious calls, provides 100% effectiveness at blocking illegal remote code execution.

Key Advantages:

• Anti-Virus, Anti-Spyware, and Anti-Malware (signature, heuristics, and sandbox engines)
   
• System and Application Firewalls (Port, IP, and Application Based)
   
• Host Intrusion Prevention System (Protocol Based)
   
• Identity Theft Protection (Removable Storage Protection and Phishing)
   
• Zero Day Exploit Protection (Buffer Overflow and API Protection)
   
• Local Vulnerability Assessment powered by Retina
   
• Non-intrusive protection does not disrupt applications and business functions as a means of protection
   
• Blink does not require resource intensive “learning mode” to initiate protection
   
• Completely transparent, no end-user intervention or behavioral training required
   
• Easily create and enforce central policies and publish to selected users, groups, or hosts
   
• The REM Security Management Console provides complete policy, control, and reporting for Blink Enterprise users.

Blink: Protection from the Threats of Today and Tomorrow

A war is being waged against the desktop. Attacks against desktops within home and business networks occur every day, all in an attempt to gain unrestricted access to these systems. Attackers are smarter and more potent than they were in the past, many times being driven by stated intentions or monetary gain. Regardless of an attacker's intention, the exploit process, whether for intrusions or scams, follows a common script. Fortunately, we at eEye Digital Security know that script by heart.

eEye Digital Security has been at the forefront of learning how attackers exploit systems for over 10 years. While trends in attack scenarios has been moving rapidly over the past few years, eEye has been able to leverage its intimate knowledge of vulnerabilities and exploits to develop Blink, the most advanced host-based protection suite on the market. The result is best-in-class protection for every desktop, as well as ease of mind for IT security professionals.

Mass Exploitation vs. Targeted Attacks

Mass exploitation incidents (such as the notorious Italian Job MPack release) are widespread, effective and troubling. Such incidents can result in a large botnet being formed within only a few hours, becoming a very powerful attack tool used by the perpetrators for later malicious activities. Furthermore, the speed at which these incidents occurs is so rapid that, by the time it is reported publicly, the mass infection has already achieved the malicious goal of the attacker.

Perhaps more important is the type of attack that doesn't gain public notoriety for a number of reasons: targeted attacks. In these scenarios, an attacker has a specific goal within an organization or individual. Depending on the value of the target, many times an attacker will employ zero-day exploits as well as custom malware that bypass AV signatures. Both scenarios are very serious for any organization, but the one that ends up with the most serious impact will tend to be the targeted attack, as this is when intellectual property and data are at the most risk.

While most businesses are able to react to mass exploitation scenarios, nearly none are able to quickly react to a targeted attack. Worse, many attacks achieve their goal and disappear before anyone in the target network has even noticed the malicious activity.

The Move to Client-Side Attacks

Hackers are moving from network-based attacks to client attacks. Recent trends show that client-side applications pose the greatest risks today. Unfortunately, the large NIDS/NIPS market that so many organizations rely on is rendered useless against most client-side exploitation attempts, which operate below their radar. Whereas most network-based protocols are simple and commonly documented in RFCs or knowledge bases, client-side file-formats are rarely documented and are incredibly convoluted.

The other main threat facing the desktop is browser-based vulnerabilities. Browser-based vulnerabilities are very simple to exploit since user-interaction is typically easy to influence. Under some circumstances, even a visit to trusted site could be dangerous. Even though this traffic is being sent across the well-documented HTTP-protocol, it can be obfuscated by the attacker to render any in-line network-based IPS system useless against the traffic since the NIPS does not have the functionality capabilities of the end-user's web browser (i.e. JavaScript / VBScript).

Unfortunately, file-format and browser-based vulnerabilities represent a majority of the exploits being launched in successful real-world attack scenarios today.

Generic Memory-Based Protection is Essential

When unknown zero-day exploits are unleashed against a system, the only defense that users have is generic protection from their host-based security solution. eEye has developed Blink's System Protection functionality. A portion of this functionality is the monitoring for potentially malicious activity within a process and protecting the system from exploit code by terminating and restarting the process prior to exploitation. There is literally no other way to protect system from the unknown. While Blink is not the only host-based tool to protect in this manner, "Blink can provide a superb breadth of power in a single well-designed and solid package." - VB100. IN simple terms, Blink has successfully blocked every identified memory-based user-land exploit since its inception; a track record that should resonate with those who have been impacted by unknown exploits.

This gives IT administrators the advantage to roll out mitigation or patches on their own time with peace-of-mind knowing that their systems will be protected.

Generic Anti-Virus Protection Must Be Implemented

Many AV vendors rely specifically on collecting malicious binaries in the wild and writing signatures for those samples. Unfortunately, this does not proactively prevent unknown malware from infecting users before the AV company has been able to attain a sample. Because of this specific reason, Blink has multiple layers of generic detection methods above the malware signature engine. These mechanisms include several heuristic modules, as well as a distinguishing utility known as a sandbox. Within this sandbox, a binary is run in a full Windows emulated environment to detect the full behavior of the binary prior to it executing on the host operating system. This allows for a very unique perspective on the functionality of a binary without previous knowledge of the sample, allowing for a very powerful extra-layer of defense for malware.

Blink Version Comparison:

	Blink Personal	Blink Professional	Blink Server	Blink Server Web Edition
Host Based Virus, Spyware, and Phishing Protection
System and Application Firewalls and Host Based Intrusion Prevention
Embedded Retina Vulnerability Assessment Engine
Centralized Management via the REM Security Management Console
Optimized for Server and High Volume Communications
Predefined Server Profiles and Policies
File System and Directory Monitoring
Microsoft IIS Web Application Firewall featuring SecureIIS

Enterprise Vulnerability Management:

Designed for a range of small business, medium business (SMB), to large enterprises, Retina Network Security Scanner is available as both a network security software solution plus a vulnerability management appliance solution.

• Centralized Vulnerability Managementt - Integrated vulnerability assessment, policy enforcement, policy auditing; improving enterprise network security.
• Centralized Incident Management - Prioritized vulnerability management plus client security threats and attacks; reducing security risk plus network security response.
• Enterprise Security Reporting - With integrated vulnerability, attack and policy information provided by Retina and Blink, REM provides organizations with metrics and graphical representations of their enterprise security posture.
• Executive Dashboard - Customizable reports and charts; integrated asset management, client security, risk assessment, plus vulnerability assessment.

Specifications:

Blink is an integrated, lightweight endpoint security solution. The following are the minimum system requirements for Blink Professional Endpoint Security as well as the REM Management Console:

Awards:

Blink has received recognition from leading technical publications and product reviewers with exceptional ratings:

	VirusBulletin VB100 Award — Blink Client security with Antivirus is awarded the VirusBulletin VB100 Stamp of Approval. June 6, 2007
	Info Security Product Excellence Award — eEye Digital Security Was presented with the 2006 Info Security Global Product Excellence Award for Blink Client Security. August 14, 2006
	AeA Best Software Infrastructure — eEye was presented with the AeA 2006 High Tech Innovation Award for Best Software Infrastructure. May 18, 2006
	Windows IT Pro 2005 Readers Choice — Blink Client Security was awarded the Windows IT Pro 2005 Readers Choice for Intrusion Prevention and Intrusion Detection. September 1, 2005
	Network World Best of the Tests — Blink Client Security software was selected as a Finalist for the Network World 2005 Best of the Tests. January 27, 2005
	SIIA Codie Awards — Blink Client Security software selected as a Finalist for the Prestigious Codie Awards. January 19, 2005
	NetworkWorld Clear Choice — Blink Client Security software awarded the NetworkWorld Clear Choice Winner Award for the Endpoint Security Product category. September 20, 2004

Blink Screenshots:

	Blink Professional - Interactive Mode Blink takes defense in depth strategies to a new level by combining and extending proven security technologies in a single host based platform.
	Network Discovery View Using the eEye Console administrators are given a network-wide view of their critical assets, and are able to deploy custom policies accordingly.
	Blink Analyzer Blink's non-intrusive protocol analysis stops attacks before they are able to reach the process layer.
	Blink's Local Vulnerability Assessment Based on the award winning Retina scanning engine, Blink delivers host-level vulnerability data in the form of Health Reports.

Documentation:

Download the eEye Blink Professional Edition Software Datasheet (PDF).

Download the eEye Blink Endpoint Protection Platform Solution Overview (PDF).