New technology provides solid protection and allows web-based script code to decrypt itself allowing for more powerful attack identification

(Irvine, CA) January 22, 2009 — eEye Digital Security (www.eeye.com), an expert in integrated security and threat-management solutions, today announced the availability of a new, patent-pending technology for protection against ActiveX controls containing zero-day vulnerabilities.

The new technology has been programmed into eEye’s Blink Endpoint Security solution and effectively blocks all threats within ActiveX, the lowest common denominator attack vector for the majority of Internet Explorer exploits.

Traditionally, intrusion protection systems are required to decrypt malicious scripts which is a memory-intensive process and not very effective. With the addition of this new technology from eEye, users are able to allow Web-based script code to decrypt itself in a safe manner and allow Blink to identify attacks at the last possible state prior to a potentially malicious execution. This saves the user from Web-based script code that is designed to maliciously execute ActiveX controls. This occurs by hooking into the ActiveX system itself, which must be called by Web-based script code in order to exploit ActiveX vulnerabilities.

“This methodology has proven to be much more effective than the decryption methods of other intrusion protection vendors,” said Andre Protas, eEye director of Research and Preview Services. “We developed the technology through our R&D team, which constantly analyzes current attack trends to identify the next evolution of threats. While many of these evolutions have small iterations and change rapidly, we typically identify a common denominator that allows us to provide protection against current attacks as well as the next evolution of attacks.”

The eEye ActiveX protection engine within Blink Endpoint Security also contains a heuristic system that analyzes calls to ActiveX controls that may have zero-day vulnerabilities. If a suspicious call is witnessed, the script is automatically blocked and additional action is not necessary by the user to block the attack.

eEye tested the new technology against threats that have emerged from ActiveX controls during the past several years as well as against a database of zero-day ActiveX vulnerabilities. The protection mechanism has proven to be 100-percent effective at blocking remote-code execution.

“This new mechanism is another example of eEye’s overall protection strategy,” added Protas. “Our mission is to provide zero-day protection for the threats of today along with proactive protection from the threats of tomorrow."

About Blink Endpoint Security

Blink Endpoint Security combines multiple layers of endpoint security capabilities and leverages a host-based intrusion prevention engine that dynamically collects and incorporates new threat data in real time. The solution also enables users to have centralized policy control over applications, system resources and removable storage devices. Blink Endpoint Security also provides virus and spyware protection, intrusion prevention and vulnerability assessment, and system and application firewalls that protect desktops from malicious zero-day attacks, ID theft, keylogging, phishing, and variants of malware such as hijacking by botnets.

Customers and partners interested in information and pricing should contact an eEye Security Account Manager at sales@eEye.com or call (866) 282-8276. For more information on eEye threat management products, visit http://www.eeye.com/html/products.

About eEye Digital Security

eEye Digital Security is the global leader in a new class of security solutions: comprehensive vulnerability management and zero-day endpoint security protection. eEye enables secure computing through world-renowned research and innovative technology, supplying the world's largest businesses with an integrated and research-driven vulnerability assessment, intrusion prevention, and client security solution. eEye's research team is consistently the first to identify new threats in the wild and our products leverage that research to deliver the insights and tools necessary to protect our customer's operating environments. For more information, please visit http://www.eeye.com

Primary Press Contact

Victor Cruz
MediaPR
(401) 349-3369 vcruz@mediapr.net

EMEA Press Contact

Ralph Klöwer
INTERFACE Relations
+49 (0) 89-552 688-66 r.kloewer@interface.pr.de