SecureData, a member of the JSE-listed ERP.com Group and the southern African enterprise partner for eEye Digital Security, today announced the latter's offering of the industry's first vulnerability tracking site that focuses exclusively on zero-day vulnerabilities, or those vulnerabilities in which technical details regarding exploitation methods are in public circulation prior to the availability of a software patch.
This Zero-Day Tracker provides detailed information, analysis and remediation strategies for these unpatched security vulnerabilities, including information that is not available from any other source.
eEye's zero-day tracking site provides organisations the data needed for remediation and outlines proactive steps that can be taken to prevent attackers from using these critical security vulnerabilities to penetrate their networks. Interested parties can immediately visit the site here.
"The increasing proliferation of zero-day vulnerabilities means the previous window of opportunity IT had to secure networks between the release of a software patch and an attack has been slammed shut," commented Marc Maiffret, eEye's founder and CTO. "More zero-day security vulnerabilities and attacks are being discovered every day and dealing with them can easily dominate an enterprise's IT efforts. As a result, we've been overwhelmed by requests from our customers to give them the information and time they need to protect their networks. Our Zero-Day Tracker is a direct response to this tremendous demand."
eEye's Zero-Day Tracker is maintained and run by eEye Research, one of the world's best security research organisations, responsible for discovering more critical security vulnerabilities than any other research group in the world. As a result, eEye's Zero-Day Tracker helps IT and security professionals keep track of past and present zero-day vulnerabilities in real-time. eEye has always provided recommendations on what users can do to mitigate vulnerabilities. The Zero-Day Tracker extends and expands this service, creating far more than just a link repository of known vulnerabilities and recommendations. The Zero-day Tracker provides information that would otherwise be unknown to the public. For example, the eEye Research Team investigates vulnerabilities independently of other reports, separating 'denial of service' vulnerabilities from those that are truly exploitable through exhaustive, expert research. An example of this can be found here.
Originally reported as a 'denial of service' flaw, eEye demonstrates that the vulnerability is actually exploitable. By tracking the vulnerability in detail, eEye enables security professionals to implement mitigation strategies immediately.
eEye's research team constantly monitors these zero-day flaws, continually providing information even if data is not publicly disclosed in other outlets. All future zero-day vulnerabilities will also be added to the list, and information on any past zero-day vulnerability can be requested from eEye Research. Interested parties can e-mail eEye Research at skunkworks@eeye.com to request additional zero-day posts or with general questions related to eEye Research.
In addition to the Zero-Day Tracker, eEye provides proactive protection to its customers from the exploitation of zero-day vulnerabilities with Blink Professional, providing unified client security and allowing IT departments to deploy software patches according to regularly scheduled maintenance cycles. Blink does not require shutting down services or applications as a means of protection, thus allowing businesses to continue to function normally. The result is 100% protection, with no downtime or impact to operations. In addition, current customers using the Retina Network Security Scanner are already able to scan their systems for these critical vulnerabilities.
Share
Over the last five years, eEye has been recognised as the pre-eminent organisation in the discovery of the most critical vulnerabilities in various platforms and applications, including the vulnerabilities subsequently leveraged by the Sasser, Witty and Code Red worms, as well as the Microsoft ASN vulnerability and scores of other important discoveries. This expertise gives eEye a distinct advantage in designing services and software solutions for the assessment, remediation and prevention of vulnerabilities and the attacks that leverage them.
Blink Professional
Designed to be implemented on individual assets such as servers, PCs and laptops, Blink is the first endpoint product to combine multiple layers of security technologies to protect organisations from zero-day attacks that leverage yet unknown vulnerabilities within enterprise networks. This comprehensive security solution allows organisations to defer patching vulnerable machines until regularly scheduled maintenance cycles, thereby saving millions of dollars in business disruption and the associated IT resource drain caused by 'panic' patching. Additionally, Blink eliminates the problem of so-called "socially engineered" security threats in which hackers trick individuals into downloading malware or otherwise making their own machines vulnerable to attack. As a result, Blink uniquely protects assets from vulnerabilities, as opposed to only thwarting attacks.
eEye's integrated family of vulnerability management solutions helps IT and security professionals confidently safeguard their valuable digital assets. eEye's products include Blink Professional, Retina Network Security Scanner, REM Security Management Console, Iris Network Traffic Analyser and SecureIIS Web Server Protection.
For further information, please contact Bianca Maritz at telephone +27 11 790 2500; fax +27 11 790 2599; e-mail biancam@securedata.co.za.
eEYE Digital Security
eEye Digital Security is a leading developer of network security software, and the foremost contributor to security research and education. eEye's award-winning software products provide a complete vulnerability management solution that addresses the full lifecycle of security threats: before, during and after attacks. eEye protects the networks and digital assets of more than 8 400 corporate and government deployments worldwide, including Avon, Citigroup, Continental Airlines, the US Department of Defence, Dow Jones, Prudential, University of Miami, Viacom, Vodafone, Warner Music and Wyeth. Founded in 1998, eEye Digital Security is a privately held, venture-backed firm with headquarters in Orange County, California. For more information, please go to www.eEye.com. SecureData
SecureData, an ERP.com company, is Africa's premier value-added distributor and solution provider of perimeter, network and endpoint information security and risk management solutions. As well as being the sole distributor in Sub-Saharan Africa for Trend Micro, SecureData is the Sub-Saharan African distributor for AirDefense, Application Security, Check Point Software Technologies, Cibecs, eEye, Network Engines, Precise Biometrics, Rocket Software, RSA Security, St Bernard Software, TippingPoint Technologies and Websense. For more information, visit SecureData at www.securedata.co.za.
ERP.com
ERP.com is a JSE-listed company focused on the implementation, integration and management of enterprise applications in an e-business environment. For more information, visit ERP.com at www.erpcom.co.za.
Editorial contacts