eEye Announces Retina CS

Taking advantage of the latest in rich Internet application development tools and feedback from thousands of customers, eEye Digital Security (www.eeye.com), today announced Retina® CS Compliance and Security, a powerful security and vulnerability management solution for small to mid-size enterprises and which security pros will find intuitive and easy to master. This next-generation Retina version packs the power of eEye’s vulnerability management technology into a richer, more attractive and user-centric package.

With a single, Web-based security console that manages all vulnerability and endpoint protection requirements, Retina CS boasts simplified navigation and a newly designed Web 2.0 interface that offers smart filters, quick access to key functions, instant column reordering, sorting, on-the-fly report creation and fast screen transitions that make for a true next-generation user experience. (Full product details: http://www.eeye.com/Products/Retina/CS.aspx)

Traditionally, vulnerability identification has been performed with network-vulnerability assessment scanners, and protection has been managed by endpoint protection platforms coupled with host-based anti-virus solutions. Alternatively, Retina CS from eEye alters this paradigm by providing all three functions within a single console and user interface that easily deploys security agents enlisted to identify, protect and fix vulnerabilities and repair mis-configurations.

"We’ve spent significant time compiling our SME customers’ most pressing concerns relating to their most urgent security problems,” said eEye CEO Kamal Arafeh. “An intensive effort was invested to satisfy a host of administrative requirements; the pay-off is that Retina CS has fulfilled our customer wish list for a kind of ‘express interface’ that superbly gets the job done with no redundancy or wasted effort. For example, need a PCI report for your external servers? Select the report, and Retina CS takes care of launching the scan utilizing preconfigured scan templates.”

Aimed at simplifying the complex task of assessing and managing security environments, Retina CS builds on eEye's award-winning suite of products that include the powerful and sophisticated Retina Network Security Scanner and the company’s Endpoint Protection solution, Blink. Designed to fit the needs of small to mid-sized organizations (SMB/SME), Retina CS provides a vastly improved and unified management console that combines simplified workflows with advanced custom reporting into one seamless experience.

• Simplified User Experience - We've listened to our customers and created a streamlined interface that allows for easy navigation so that complex tasks can be completed quickly and efficiently.

• Customizable Reporting - Whether the task calls for modifying an existing report or creating a new one, Retina CS makes it easy with drag & drop report sections and customizable filters.

• Rich Internet Application - Drag & drop, easy column reordering and sorting, interactive charts and graphs, smooth screen transitions.

• Cross Platform Browser Support - Retina CS can be accessed from any browser that supports Adobe Flash player.

• Improved Scalability and Performance - enhanced performance and improved scalability allows reports to generate faster while supporting more agents.

• Results-driven Architecture - Nobody wants to run vulnerability scans; rather, the goal of these scans is to assess the network and provide reports on those results. Retina CS keeps that in mind by utilizing powerful workflow.

"We designed Retina CS as a workflow-oriented solution to help customers meet regulatory and security compliance requirements while also giving them the ability to manage security from almost any Web browser or platform," said Arafeh. "The solution provides a single point of visibility into the entire vulnerability management process and enables quick identification, protection, and remediation of vulnerabilities. With these comprehensive threat and remediation benefits, Retina CS represents the next-generation of vulnerability management solutions."

To Purchase eEye Products visit http://www.wideeyesecurity.com

eEye Earns Virus Bulletin 100 Award

eEye Digital Security, a provider of integrated security and vulnerability management solutions, announced today that Blink Professional Endpoint Protection was once again selected to the Virus Bulletin 100 (VB100) list. The recognition marks the second consecutive year that Blink Professional has earned VB100 status from the Virus Bulletin, which is a leading authority on virus and malware protection.

To compile the VB100, the publication conducts independent comparative testing of anti-virus products widely recognized within the industry. The tests focus on virus detection rates and scanning speeds, as well as how products fare when scanning a set of files known to be clean.

To receive VB100 status, products must demonstrate the ability to detect all in-the-wild viruses during both on-demand and on-access scanning. Products must generate zero false positives when scanning a set of clean files. The latest VB100 tested 35 anti-virus products on systems running Windows Vista Business Edition.

"Because Virus Bulletin offers expert and impartial advice about anti-virus security, the recognition of Blink Professional on the VB100 further substantiates the leading role our software plays within our customers' critical infrastructures," said eEye CEO Kamal Arafeh. "The VB100 tests are widely recognized within the security industry and are particularly relevant because of their focus on in-the-wild detection, which includes active viruses causing real-world virus incidents in more than just one or two isolated places."

To Purchase eEye Products visit http://www.wideeyesecurity.com

eEye Retina Network Security Scanner Earns “Best Buy” from SC Magazine

Five out of five stars in every category for Vulnerability Assessment Group Test

(Irvine, CA) May 13, 2009 — eEye Digital Security (www.eeye.com), a provider of integrated security and threat management solutions today announced that SC Magazine recently reviewed its Retina Network Security Scanner, giving it the highest possible rating of five out of a possible five stars in all categories. In its recent group test of vulnerability assessment products eEye’s Retina was awarded “Best Buy” honors, a distinction reserved for products that SC Magazine Lab rates as “outstanding”.

The May 2009 issue of SC Magazine established that eEye’s Retina Network Security Scanner is “a great value for the money for almost any size environment,” and “provides a lot of great functionality that is easy to use and manage, all at a reasonable price.”

The review stated that the Retina Network Security Scanner is “a quick and simple installation” as well as “comfortable and easy to navigate.” It also calls set-up and configuration of scans “simple and intuitive.”

SC Magazine gave Retina Network Security Scanner five stars in all six categories: Features, Ease of Use, Performance, Documentation, Support and Value for Money.

The Retina Network Security Scanner provides multi-platform vulnerability management. Retina identifies known and zero-day vulnerabilities and provides security risk assessment, enabling security best practices, policy enforcement, and compliance with regulatory audits SOX, HIPAA, GLBA and PCI. Retina is available in three versatile delivery forms including Software, Appliance or Hosted (on demand) versions which makes it especially unique and suitable for any environment

“This report from SC Magazine shows us that our team has succeeded at delivering a product that exceeds expectations in categories across the board and is able to drastically raise the bar in network security,” said eEye CEO Kamal Arafeh. “We're honored to have SC Magazine recognize our Network Security Product with such high regards.”
eEye Digital Security is a provider of integrated security and threat management solutions with an installed base of some 9,000 customers including over one-half of America’s largest corporations as listed on the Fortune 100.

To Purchase eEye Products visit http://www.wideeyesecurity.com

New eEye Blink Server 4 Edition to Secure Application Servers

Integrated Server Protection Platform featuring a Web Application Firewall, Protocol based Intrusion Prevention, and File Tampering Monitoring for Servers

(IRVINE, CA) April 20, 2009 — eEye Digital Security (www.eeye.com), an expert in integrated security and threat-management solutions, today announced the general availability of Blink Server 4, an integrated protection platform for all types of Windows servers and applications.

Blink Server offers complete protection for all mission-critical servers by combining multiple-layers of server security capabilities and leverages an intrusion-prevention engine that protects against zero-day attacks including the most recent threats posed by Conficker. It also provides buffer overflow and patent-pending ActiveX protection.

“The addition of Blink Server helps round-out our product suite, which also features endpoint security and vulnerability assessment," said Chris Silva, eEye's Chief Architect and VP of Products. "We developed the solution based on the needs of our customers to enhance server security and combat threats in real-time as they migrate away from stand-alone anti-virus point solutions and adopt comprehensive endpoint management. When used along side of Blink Professional, Blink Server Edition helps them deploy a unified technology solution to both desktop and server platforms allowing for streamlined management.”

Blink Server 4 includes eEye’s SecureIIS Solution, a Web-Server Application Firewall that meets section 6 of the PCI DSS v1.2 requirements.

Blink Server further meets customer needs by thwarting 100 percent of all remote intrusion attempts on mission-critical servers such as those that host databases, financial, e-mail and Web-facing applications. Blink Server does this by providing a complete protection platform with integrated threat-management capabilities:

# Optimized rules and performance for server communications
# File monitoring for change control and tamper monitoring
# Application and system firewall for application communications control
# Virus and spyware protection
# Protocol-based intrusion prevention
# Vulnerability assessment to meet PCI, HIPAA, SOX, GLB, and FERPA compliance
# Patented system protection featuring Execution and Registry protection and monitoring
# Zero-day attack protection including buffer overflow and patent-pending ActiveX protection
# Configuration management enforcement and reporting

Blink Server 4: Primary Business Benefits:

# Optimizes defenses against viruses, spyware, worms, Trojans, cross-site scripting, SQL injection attacks, e-mail server protection, mis-configurations, and other malicious zero-day exploits through layered security protection
# Provides significant administrative time savings and reduces system resource requirements for memory by consolidating multiple security agents into a single light-weight agent
# Reduces security costs by more than 70 percent by eliminating the licensing and support costs associated with buying and maintaining multiple security solutions
# Offers centralized attack, risk, vulnerability and overall security management in a single Web-based user interface when deployed in combination with REM, eEye’s Security Management Console

To Purchase eEye Products visit http://www.wideeyesecurity.com

eEye Offers Free Utility to Detect Conficker Worm and MS08-067 Patch

Estimates peg 9-12 million computers already infected by earlier strains of Conficker

(Irvine, CA) March 31, 2009 — In response to Conficker, a breed of self-updating worms that is difficult to avoid, Researchers at eEye Digital Security (www.eeye.com) have devised a Conficker detection engine that centers on running a network scan to detect hosts compromised or vulnerable to Conficker. In a proactive measure to protect users, starting today, organizations can download from eEye a free utility that is built around the company’s Retina Network Security Scanner that will detect hosts that are compromised with this latest worm and malicious botnet or do not have MS08-067 applied, the most effective propagation technique that Conficker uses.


The Retina Utility from eEye can be downloaded at:
http://www.eeye.com/html/downloads/other/ConfickerScanner.html

The Conficker worm utilizes a variety of attack vectors to transmit and receive payloads, including: software vulnerabilities (e.g. MS08-067), portable media devices (e.g. USB thumb drives and hard drives), as well as leveraging endpoint weaknesses (e.g. weak passwords on network-enabled systems). The Conficker worm will also spawn remote access backdoors on the system and attempt to download additional malware to further infect the host.

“The Conficker worm represents predictions eEye has been making for years,” said eEye CEO Kamal Arafeh . “Blended threats can take advantage of a missing patch, propagate though a USB key, create a silent but crippling peer-to-peer network, and provide the stealthiest capabilities of a botnet using complex command and control methods. eEye Research has developed solutions to protect against these threats as monolithic entities and when combined, our solutions are very effective in identifying and stopping the propagation of blended threats such as Conficker.”

The Retina Network Security Scanner thwarts network exploits and data loss attacks by analyzing specific pieces of operating systems, applications, and policies. The tool identifies high-risk host components and determines how malware such as the forthcoming Conficker worm can potentially leverage systems for malicious activity due to missing patches, poor configurations, and vulnerabilities.

In addition to the detection of the Conficker worm, eEye Digital Security's Blink Endpoint Protection Platform can effectively protect hosts, even if they are not patched, from the propagation of this worm. Using protocol based IPS analyzers, Blink can detect and stop the malicious traffic associated with MS08-067 and block the worm from self propagating. For installations that are already infected, Blink's multi layer antivirus engine will remove the Conficker worm and provide protection until a permanent remediation is performed on the host.

System Requirements to download eEye Retina Utility for Conficker:
# Operating System: Windows 2000/XP/2003
# Internet Explorer Version 5.01 or higher
# System RAM: 128 MB
# Storage: 20 MB


Related Links & Resources:

The HoneyNet Project:
http://www.honeynet.org/papers/conficker/

Felix Leder and Tillmann Werner Analysis:
http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker

Microsoft Advisory - 967940
http://www.microsoft.com/technet/security/advisory/967940.mspx

Microsoft Malware Protection Center:
http://tinyurl.com/absz6f

Microsoft Security Bulletin MS08-067:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

SANS - Internet Storm Center:
http://isc.sans.org/diary.html?storyid=5860

Shadowserver Foundation:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090212

To Purchase eEye Products visit http://www.wideeyesecurity.com

eEye Awarded 2009 Everything Channel Five-Star Partner Program Guide Certification

eEye Channel Partner program recognized as ‘exceptional’ by leading Channel authority

(Irvine, CA) March 30, 2009 — eEye Digital Security (www.eeye.com), an expert in integrated security and threat-management solutions, today announced it has been recognized by Everything Channel as one of North America’s top information-technology (IT) vendors for its channel partner program.

eEye’s partner program was awarded a Five-Star certification in Everything Channel’s 15th annual 2009 Partner Program Guide (PPG), acknowledging its commitment and strength of its programs for reseller partners which include IT integrators, technology solution providers, and consultants.

A list of PPG winners will appear in the March 30 issue of CRN magazine, the channel industry’s leading publication, and online at www.Channelweb.com, the world’s largest channel industry portal.

Partners stand to gain up to 40% margins by teaming with eEye. Two levels of partnership (Advisor and Expert) provide the opportunity and flexibility needed to participate in the eEye channel program. The value of being an eEye Digital Security Partner lies in the business opportunity to build a highly profitable business with high margins coming from product sales, professional services and managed service offerings.

eEye partner LockNet, Inc., of La Crosse, WI, provides managed security services to 400 customers and supports more than 2,500 end devices. Security services accounts for 45% of its business. Says Jeff Reiter, vice president of finance, “Business has tripled in the last year, largely due to the MSP side of the business, and we’re on pace to double again this year.”

Research for the 2009 Everything Channel Partner Programs Guide and the Everything Channel Five-Star Program was conducted by Everything Channel's Institute for Partner Education & Development (IPED). IPED analyzed 130 vendor programs rating vendors' responses to nearly 60 in-depth questions about their partner programs in the six elements of sales support, marketing support, partner profitability, channel operations, communications and partner recruitment. To ensure fair comparisons, companies were placed in one of four categories based on company size.

IPED weighted the responses to each question about such program elements as sales support and partner recruitment so that the total weight given to a vendor's answers in any of the six elements can potentially be scored as high as 100. The weighting scheme varies depending on the company size and product type and is based on IPED proprietary analysis methodology and intellectual property. In each of the four company categories, the companies with the highest overall weighted scores received the Everything Channel Five-Star Program designation.

“Now more than ever, the quality of a vendor’s partner program determines how profitable its partners will be. So for their commitment to their partners, and their efforts to build quality programs, we congratulate this year’s Five-Star Partner Program Guide winners for helping to drive greater revenue in the channel,” said Robert C. DeMarzo, senior vice president and editorial director, Everything Channel.

To Purchase eEye Products visit http://www.wideeyesecurity.com

eEye Digital Security Offers Unique “Any Means Possible” Penetration Testing Services

eEye Digital Security Offers Unique “Any Means Possible” Penetration Testing Services

eEye extends Research services to include elite penetration testing service that will be available for 25 percent off through April 30, 2009

(Irvine, CA) March 9, 2009 — eEye Digital Security (www.eeye.com) , an expert in integrated security and threat-management solutions, today announced that they have expanded a previously private offering known as AMP, the Any Means Possible penetration testing service. As more and more security companies attempt to offer their version of penetration-testing services, the true value of these services has diminished into little more than standard “scan-and-report” services.

The AMP offering utilizes the expertise and unique skill set of eEye researchers in order to emulate real-world attacks against an organization. This process provides private and public organizations with a real-world defense exercise that allows them to assess their security posture against a well-equipped and advanced attacker team that has targeted their mission-critical data or systems.

eEye Digital Security will be offering its Any Means Possible Penetration Testing Services at 25 percent off the retail price for all purchases made from March 9 through April 30, 2009.

“eEye Research has been performing these engagements for years as part of our private security intelligence service Preview,” said eEye Research Director Andre Derek Protas. “The eEye Research Team has seen the penetration market dwindle down to a simple vulnerability scanning service that operates under a penetration testing name. Most companies understand that they have critical data or systems that, if successfully compromised by an attack team, could result in substantial losses to the company. Our AMP methodology is designed specifically to test the security mechanisms put into place to protect that data by emulating real-world attack scenarios, giving customers actionable data to use for business decisions.”

To Purchase eEye Products visit http://www.wideeyesecurity.com