Best in Class HIPS Solutions for Best Practice Endpoint Security
By Mike Puterbaugh, VP, MARKETING - EEYE DIGITAL SECURITY

 

Security threats have changed rapidly over the past few years, resulting in two emerging trends: zero-day exploits and targeted attacks.

Historically, the existence of an exploit was the result of a race between hackers and security teams when a software vendor released a patch. As tools for assessing vulnerable systems and deploying patches improved, so too did the patching process. Customers began to win the patch battle, forcing a shift from exploiting patched flaws to exploiting unpatched vulnerabilities, such as the WMF, Internet Explorer and other zero-day flaws.

In addition to the zero-day phenomenon, there has been a shift away from mass-vandalism events on the Internet to specific targeted attacks - such as installing a key logger to capture passwords, Trojan horse attacks to steal customer data, or specific malware designed to track users' communications and collect proprietary data for corporate espionage.

As a result of targeted and zero-day attacks, customers are finding that as the problem has moved, so has the solution. Given that it's impossible to effectively write a signature for a zero-day attack, the massive spending on anti-virus solutions that no longer protect in advance of the attack is coming under question. Additionally, the targeted nature of these attacks has made it more difficult to catch the socially engineered email approach through traditional spam-blocking solutions. Together, these factors have created a tremendous amount of interest in Host-Based Intrusion Prevention (HIPS) solutions to solve this problem.

HIPS solutions come in a variety of forms, ranging from heuristic-based learning systems to protocol analyzers to simple buffer overflow protection tools.

At a minimum, a complete HIPS system should consist of both buffer overflow protection and protocol analysis, which protect networks by looking at the nature of traffic entering the system before allowing it into the operating system. By analyzing the traffic for common methods of attack, this combination of network analysis and buffer overflow protection stops a greater percentage of attacks in advance of patches being available.

In creating a better client protection model, the ideal approach is to think of the attack as three stages - the social engineering needed to get the user to take an action leading to an exploit, the exploit itself, and the payload. Best-in-class HIPS products, like eEye's Blink® Endpoint Intrusion Prevention solution, include anti-phishing, system firewalls and application firewalls to stop this first stage, a buffer overflow protection and protocol analysis engine to stop the exploit, and anti-spyware protection to remove malware components. This multi-layered approach covers both attack prevention and policy enforcement - stopping attacks and managing how a system and its applications can be used, which reduces the attack surface and the potential introduction of malicious code.

As the industry's first endpoint security solution to incorporate multiple layers of proven technologies, Blink® is the perfect complement to the existing arsenal of anti-virus and spam technologies.

To learn more about implementing eEye's best-in-class HIPS solution as a proactive way to combat today's evolving security threats, visit www.eeye.com/blink or contact John Minnihan at 866.339.3732 ext. 181 or via email at jminnihan@eeye.com.

 

About the Author

As eEye Digital Security's Vice President of Marketing, Mr. Puterbaugh is responsible for all strategic and tactical marketing operations, including analyst relations, brand development, channel marketing, demand generation, product marketing, public relations, and web presence. Prior to eEye, he held senior marketing positions at Quest Software, Mercury Interactive and Intel Corporation, where he was a part of the microprocessor marketing and business planning team. Mr. Puterbaugh holds a Bachelor's degree from San Jose State University.