The Answer: eEye's Integrated Threat Management Solution
Martinez and the city of Miami Beach eventually turned to eEye. The eEye solution represents a new class of security product: integrated threat management. eEye detects vulnerabilities and threats, prevents intrusions, and protects all of an organization's key computing resources, from endpoints to network assets, while providing a centralized point of security management and network visibility.
eEye's research team is consistently the first to identify new threats in the wild, and its products leverage that research to deliver on the goal of making network security as easy to use and reliable as networking itself.
Deploying Zero-day Protection and Tailoring it to the City's Unique Needs
“What sold us on eEye was two things: zero-day protection and policy enforcement,” Martinez said. In terms of zero-day protection, Martinez mentioned that eEye doesn't just look at layer six or seven, the presentation and application layers. “eEye digs down to layer two where the bits and the bytes are.”
The deployment of eEye was a smooth one, although there were a couple of hitches along the way. For instance, some of the notebooks used in the field, Panasonic Toughbooks, had driver compatibility issues that the eEye team had to address.
“Any software product will have an occasional problem,” Martinez said. “What's important is how the company responds to those problems.”
According to Martinez, the eEye customer support team quickly got developers involved to come up with fixes. “We also had some challenges unique to our organization. We had to set up policies for certain types of communications, keeping ports open and allowing services to talk to each other. The professional services team helped us handle those things to tailor the eEye box to our specific needs.”
Once eEye's REM, Blink and Retina solutions were up and running, the city of Miami Beach saw its security profile improve immediately. Against zero-day attacks, eEye quarantines machines when anything unusual and potentially damaging pops up.
“If you can quarantine quickly at the workstation level, which is the biggest vulnerability by far for an organization like ours, that's half the battle. Damage is mitigated,” he added. “eEye prevents the epidemic nature of how viruses spread – whether it's a clear or clandestine payload.”
Turning to policy enforcement, Martinez voiced a common IT complaint: being forced to act as a traffic cop. Users are always trying to do something they shouldn't, whether it's clicking on a potentially dangerous link in an email message, visiting a compromised website, or accessing inappropriate content.
“I didn't want to be put in the position of always policing end users,” Martinez said. “I have no problem enforcing policies, but why not find a way to force the end user to comply with IT policy whether they think they're complying or not?”
Martinez found that eEye's fine-grained configuration capabilities enabled him to do just that. “eEye lets me create a policy footprint. IT determines what users shouldn't be able to do, what websites they can't visit, what programs they can't download, and eEye enforces that.
“Even if a user has administrator rights, the policy will still be enforced. Users won't get around policy through rights – which has historically been a problem with Windows. I don't allow anyone outside of IT to have administrator rights anyway, but what I'm saying is that in organizations that don't have those controls in place, eEye will still enforce policy, regardless.”
The end result was that the city of Miami Beach addressed gaps in its security profile, eased the burden on IT and integrated security into its overall plans for business continuity.
Victor Cruz is an independent media consultant based in Providence, R.I.