eEye Adds Patent-Pending Protection for ActiveX Attacks

ov_logo_blueonWhite
by || 01/26/2009

IRVINE, CA – eEye Digital Security (www.eeye.com), an expert in integrated security and threat-management solutions, today announced the availability of a new, patent-pending technology for protection against ActiveX controls containing zero-day vulnerabilities.

The new technology has been programmed into eEye’s Blink Endpoint Security solution and effectively blocks all threats within ActiveX, the lowest common denominator attack vector for the majority of Internet Explorer exploits.

Traditionally, intrusion protection systems are required to decrypt malicious scripts, a memory-intensive process and not very effective. With the addition of this new technology from eEye, users are able to allow Web-based script code to decrypt itself in a safe manner and allow Blink to identify attacks at the last possible state prior to a potentially malicious execution. This saves the user from Web-based script code that is designed to maliciously execute ActiveX controls. This occurs by hooking into the ActiveX system itself, which must be called by Web-based script code in order to exploit ActiveX vulnerabilities.

“This methodology has proven to be much more effective than the decryption methods of other intrusion protection vendors,” said Andre Protas, eEye director of Research and Preview Services. “We developed the technology through our R&D team, which constantly analyzes current attack trends to identify the next evolution of threats. While many of these evolutions have small iterations and change rapidly, we typically identify a common denominator that allows us to provide protection against current attacks as well as the next evolution of attacks.”

The eEye ActiveX protection engine within Blink Endpoint Security also contains a heuristic system that analyzes calls to ActiveX controls that may have zero-day vulnerabilities. If a suspicious call is witnessed, the script is automatically blocked and additional action is not necessary by the user to block the attack.

eEye tested the new technology against threats that have emerged from ActiveX controls during the past several years as well as against a database of zero-day ActiveX vulnerabilities. The protection mechanism has proven to be 100-percent effective at blocking remote-code execution.

“This new mechanism is another example of eEye’s overall protection strategy,” added Protas. “Our mission is to provide zero-day protection for the threats of today along with proactive protection from the threats of tomorrow.”

About Blink Endpoint Security Blink Endpoint Security

combines multiple layers of endpoint security capabilities and leverages a host-based intrusion prevention engine that dynamically collects and incorporates new threat data in real time. The solution also enables users to have centralized policy control over applications, system resources and removable storage devices. Blink Endpoint Security also provides virus and spyware protection, intrusion prevention and vulnerability assessment, and system and application firewalls that protect desktops from malicious zero-day attacks, ID theft, keylogging, phishing, and variants of malware such as hijacking by botnets.

Customers and partners interested in information and pricing should contact an eEye Security Account Manager at sales ( @ ) eEye dot com or call (866) 282-8276 dot For more information on eEye threat management products, visit http://www.eeye.com

About eEye Digital Security

eEye Digital Security is a leader in vulnerability management, endpoint security, anti-virus software and IT security research. The company’s advanced security solutions help technology professionals protect the networks and digital assets of more than 9,000 corporate and government organizations worldwide. Founded in 1998, eEye Digital Security is headquartered in Orange County, California. For more information, please visit www.eEye.com.