Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: eEye's Blink

From: Wang Cheng <ChengW () SACREDHEART EDU>
Date: Tue, 29 May 2007 14:57:49 -0400
Hi Sam,
        We use it here at Sacred Heart University on all faculty/staff
machines and so far it has proven to be a great host based IPS product,
that is once you have it tuned to your environment. Unlike most other
firewalls and anti-malware products, which work as an LSP (using the
Winsock Provider API), Blink installs itself as a NDIS, TDI, and file
access drivers (just above the hardware itself) which allows it to be
very fast and provide features of both network and host based IPS.

        It comes with anti-malware, application and registry protection
and a network/app firewall.  We found the firewall to be very hard to
configure properly so we don't have it turned on by default (we just use
Windows Firewall instead).  The anti-malware piece will not really
replace your AV or Anti-spyware, it's still not mature enough for that.
The greatest advantage of Blink is really it's IPS.

        Like with any IPS, you should do some extensive testing with it
in your environment.  We tested for more than 3 months before deploying
to weed out the rules that gave false positives in our environment. I
highly recommend looking into REM for it's centralized management and
data correlation capabilities as well.

        There's a free personal edition of the IPS you can get and I'm
sure they'll be glad to let you tryout the whole product! :-) Also the
Vista version is not coming out until next quarter.

Regards,
        Conrado Wang Cheng Niemeyer
        Information Security Officer
        Sacred Heart University

-----Original Message-----
From: Walker, Sam [mailto:swalker () WVSOM EDU] 
Sent: Friday, May 25, 2007 1:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] eEye's Blink

I was curious if anyone is currently using or is evaluating eEye's Blink
product.  I viewed a webcast of the product this week and it appears to
be rather powerful.  The company's web site lists several education
clients, so I was interested in opinions about the product.  Thanks in
advance.

Sam Walker
WVSOM
Previous By Date Next
Previous By Thread Next

Current thread: