Home > Company > News > PR20081215
News
eEye Digital Security Now Offering SQL Injection Protection For Microsoft IIS Servers

SecureIIS™ 3.0 Also Protects Against Buffer Overflow, ParserEvasion, Directory Traversal and General Exploitation Attacks

(Irvine, CA) December 15, 2008 — eEye Digital Security (www.eeye.com), an expert in integrated security and threat-management solutions, today announced the general availability of SecureIIS™ v 3.0. Offering proactive Microsoft IIS Web-server protection, the latest version of SecureIIS features SQL injection protection for which users can enable and select defense levels from an action menu.

SecureIIS operates within Microsoft IIS to actively inspect all incoming requests at each stage of data processing. This allows the technology to prevent potentially damaging network traffic from penetrating servers and compromising Web-based applications, whether the traffic is encrypted or unencrypted.

“This capability is critical because vulnerabilities in software applications are responsible for the vast majority of network security breaches and data loss,” said Morey Haber, VP of Business Development for eEye Digital Security. “In particular, Web-server applications like Microsoft IIS are consistently targeted because of the ease of application deployment and potential flaws inherent with coding and configuration mistakes.”

These flaws aid in the creation of some of the most damaging worms that cause compromised Websites and Microsoft IIS directory vulnerabilities. With proper network protection from SecureIIS, users are able to repel common and nefarious attacks.

“When we were hit with an exploit, I was looking at our server logs and realized something was amiss,” said Lisa Davis, IT Specialist for the Iowa Department for the Blind. “I shut our router down until I could figure it out, and what I learned was that SecureIIS saved us from a very serious attack. A number of organizations in our area were infected from the same vulnerability. SecureIIS notified me that something unusual was going on and blocked it in the meantime. That’s the beauty of behavior-based security.”

Key Features of SecureIIS 3.0

  • SQL Injection Protection - filters common commands and characters to stop SQL injection attacks.
  • PCI DSS Compliance - meets the requirements for Payment Card Industry DSS v1.2 for a web application firewall by providing an in-line solution that can protect against the latest threats even when no application mitigation is available.
  • Application Layer Protection - inspects requests from the network and kernel levels as well as processing levels in between.
  • IIS ISAPI Integration - monitors data processed by IIS and blocks requests at any point that resembles a class of attack patterns.
  • Zero Day Protection - inspects Web-server traffic for issues such as buffer overflows, parser evasions, directory traversal and other attacks to block entire classes of attacks, including those not yet discovered.
  • Non-Intrusive Protection - offers protection without affecting service levels on Web servers and provides improved performance when Web servers come under attack.
  • Third-Party Application Protection - stops attacks launched against third-party Web server applications or custom Web scripts.
  • Protection Over SSL Encrypted Sessions - stops attacks on encrypted sessions based on the ability to analyze the content of HTTPS sessions before and after SSL encryption.

    “Because Web servers often provide a portal to the internal network, they require a more formidable and customized level of protection,” Haber said. “SecureIIS offers this level of protection by going beyond what standard network firewalls and intrusion detection systems can provide.”

    Pricing and Availability

    Secure IIS is currently available at $995 per copy. For more information, visit http://www.eeye.com/html/products/secureiis/index.html



    About eEye Digital Security

    eEye Digital Security is the global leader in a new class of security solutions: comprehensive vulnerability management and zero-day endpoint security protection. eEye enables secure computing through world-renowned research and innovative technology, supplying the world's largest businesses with an integrated and research-driven vulnerability assessment, intrusion prevention, and client security solution. eEye's research team is consistently the first to identify new threats in the wild and our products leverage that research to deliver the insights and tools necessary to protect our customer's operating environments. For more information, please visit http://www.eeye.com

    Primary Press Contact

    Victor Cruz
    MediaPR
    (401) 349-3369 vcruz@mediapr.net

    EMEA Press Contact

    Ralph Klöwer
    INTERFACE Relations
    +49 (0) 89-552 688-66 r.kloewer@interface.pr.de