eEye | Antivirus, Antispyware & Vulnerability Management Solutions - eEye Introduces Industry's First Comprehensive Tracking & Analysis Website for Zero-Day Vulnerabilities

News

eEye Introduces Industry's First Comprehensive Tracking & Analysis Website for Zero-Day Vulnerabilities

Security leader creates the first free resource providing detailed information on all zero-day vulnerabilities, including analysis, archiving and remediation instructions

(ALISO VIEJO, CA) December 05, 2006 — eEye Digital Security7reg;, a leading developer of network security and vulnerability management software solutions, as well as the industry’s foremost contributor to security research and education, today announced that it is offering the industry’s first vulnerability tracking site that focuses exclusively on zero-day vulnerabilities, or those vulnerabilities in which technical details regarding exploitation methods are in public circulation prior to the availability of a software patch. This Zero-Day Tracker provides detailed information, analysis and remediation strategies for these unpatched security vulnerabilities, including information that is not available from any other source. eEye’s zero-day tracking site provides organizations the data needed for remediation and outlines proactive steps that can be taken to prevent attackers from using these critical security vulnerabilities to penetrate their networks. Interested parties can immediately visit the site here: http://research.eeye.com/html/alerts/zeroday/index.html.

“The increasing proliferation of zero-day vulnerabilities means the previous window of opportunity IT had to secure networks between the release of a software patch and an attack has been slammed shut,” said Marc Maiffret, eEye’s founder and CTO. “More zero-day security vulnerabilities and attacks are being discovered every day and dealing with them can easily dominate an enterprise’s IT efforts. As a result, we’ve been overwhelmed by requests from our customers to give them the information and time they need to protect their networks. Our Zero-Day Tracker is a direct response to this tremendous demand.”

eEye’s Zero-Day Tracker is maintained and run by eEye Research, one of the world’s best security research organizations, responsible for discovering more critical security vulnerabilities than any other research group in the world. As a result, eEye’s Zero-Day Tracker helps IT and security professionals keep track of past and present zero-day vulnerabilities in real-time. eEye has always provided recommendations on what users can do to mitigate vulnerabilities. The Zero-Day Tracker extends and expands this service, creating far more than just a link repository of known vulnerabilities and recommendations. The Zero-day Tracker provides information that would otherwise be unknown to the public. For example, the eEye Research Team investigates vulnerabilities independently of other reports, separating “denial of service” vulnerabilities from those that are truly exploitable through exhaustive, expert research. An example of this can be found here: http://research.eeye.com/html/alerts/zeroday/20061128.html. Originally reported as a “denial of service” flaw, eEye demonstrates that the vulnerability is actually exploitable. By tracking the vulnerability in detail, eEye enables security professionals to implement mitigation strategies immediately.

eEye’s research team constantly monitors these zero-day flaws, continually providing information even if data is not publicly disclosed in other outlets. All future zero-day vulnerabilities will also be added to the list, and information on any past zero-day vulnerability can be requested from eEye Research. Interested parties can email eEye Research at skunkworks@eeye.com to request additional zero-day posts or with general questions related to eEye Research.

In addition to the Zero-Day Tracker, eEye provides proactive protection to its customers from the exploitation of zero-day vulnerabilities with Blink® Professional, providing unified client security and allowing IT departments to deploy software patches according to regularly scheduled maintenance cycles. Blink does not require shutting down services or applications as a means of protection, thus allowing businesses to continue to function normally. The result is 100 percent protection, with no downtime or impact to operations. In addition, current customers using the Retina Network Security Scanner are already able to scan their systems for these critical vulnerabilities.

About eEye’s Security Research Team
Over the last five years, eEye has been recognized as the preeminent organization in the discovery of the most critical vulnerabilities in various platforms and applications, including the vulnerabilities subsequently leveraged by the Sasser, Witty and Code Red worms, as well as the Microsoft ASN vulnerability and scores of other important discoveries. This expertise gives eEye a distinct advantage in designing services and software solutions for the assessment, remediation and prevention of vulnerabilities and the attacks that leverage them.

About Blink® Professional
Designed to be implemented on individual assets such as servers, PCs and laptops, Blink is the first endpoint product to combine multiple layers of security technologies to protect organizations from zero-day attacks that leverage yet unknown vulnerabilities within enterprise networks. This comprehensive security solution allows organizations to defer patching vulnerable machines until regularly scheduled maintenance cycles, thereby saving millions of dollars in business disruption and the associated IT resource drain caused by “panic” patching. Additionally, Blink eliminates the problem of so-called “socially engineered” security threats in which hackers trick individuals into downloading malware or otherwise making their own machines vulnerable to attack. As a result, Blink uniquely protects assets from vulnerabilities, as opposed to only thwarting attacks. For those interested in protecting corporate systems with Blink, an evaluation version is available for download on eEye's Website: http://www.eEye.com/Blink.

eEye's integrated family of vulnerability management solutions helps IT and security professionals confidently safeguard their valuable digital assets. eEye's products include Blink® Professional, Retina® Network Security Scanner, REM® Security Management Console, Iris® Network Traffic Analyzer and SecureIIS™ Web Server Protection.

About eEye Digital Security

eEye Digital Security is the global leader in a new class of security solutions: comprehensive vulnerability management and zero-day endpoint security protection. eEye enables secure computing through world-renowned research and innovative technology, supplying the world's largest businesses with an integrated and research-driven vulnerability assessment, intrusion prevention, and client security solution. eEye's research team is consistently the first to identify new threats in the wild and our products leverage that research to deliver the insights and tools necessary to protect our customer's operating environments. For more information, please visit http://www.eeye.com

Primary Press Contact

Victor Cruz
MediaPR
(401) 349-3369 vcruz@mediapr.net

EMEA Press Contact

Ralph Klöwer
INTERFACE Relations
+49 (0) 89-552 688-66 r.kloewer@interface.pr.de