eEye Digital Security » News

News

eEye Digital Security Announces Availability of Free Vulnerability Scanner Following Discovery of Exploit Code for Critical CA Vulnerabilities

eEye Customers with Blink Already Protected Against Critical Vulnerabilities

(ALISO VIEJO, CA) March 9, 2005 — eEye Digital Security®, a leading network security software company enabling businesses to protect and manage their network infrastructure, today announced the availability of a free vulnerability scanner for both its customers and security administrators worldwide. This free vulnerability scanner, which is based on eEye's industry-leading Retina Network Security Scanner, is designed to identify machines vulnerable to attack due to the critical security flaws discovered within Computer Associates' (NYSE:CA) License Management software Wednesday, March 2, 2005. Since that announcement, verified exploit code has been discovered, providing a point of entry for any worm and/or virus designed to take advantage of CA's vulnerabilities. More importantly, it has become clear that anyone that has ever evaluated CA software could potentially be at risk. Even if the program was removed manually, the License Manager code that includes the vulnerabilities could potentially still be on the machine, thus enabling an attacker to take control of the system remotely.

"This is another example of how the window of opportunity for remediating unpatched machines continues to shrink – often to a few hours or less," said Firas Raouf, chief operating officer of eEye Digital Security. "The CA flaws are particularly tricky, as even those that diligently removed any CA products they may have evaluated are still at risk. eEye predicts that exploits targeting vulnerabilities within cross-platform enterprise software such as CA's will continue to rise as attackers seek new means to disrupt business. As a result, we remain focused on providing IT with enterprise-ready solutions to mitigate these types of risk and ensure business continuity."

These vulnerabilities enable an attacker to remotely execute code within the SYSTEM context, thus allowing them to take complete control of an affected system. The Computer Associates License Management software allows for the remote management and tracking of software licenses. The exploit code, which was discovered yesterday, has been verified by eEye’s world-class research team as valid. Organizations that have deployed Retina have been able to scan for CA vulnerabilities since the announcement on March 2, 2005. Additionally, those organizations that have deployed Blink, eEye’s award-winning endpoint security software, are already protected from this exploit and can postpone patching to regularly scheduled maintenance cycles.

The free vulnerability scanner designed to detect vulnerable machines is based on Retina, eEye's industry-leading network security scanner. As a result, enterprises are guaranteed the scans are non-intrusive and do not require administrative rights, thus enabling IT departments to scan their entire network without any business disruption. In order to download the free vulnerability scanner, as well as for further information and a technical description of the exploit and the associated vulnerabilities, please visit:
http://www.eeye.com/html/resources/newsletters/update/OA20050309.html

About Retina
eEye's Retina Network Security Scanner identifies known security vulnerabilities and assists in prioritizing threats for remediation. Featuring fast, accurate, and non-intrusive scanning and the industry's most comprehensive vulnerability database, users are able to secure their networks against even the most recently discovered vulnerabilities. Retina has been recognized as the most accurate network scanner, while also being one of the easiest to implement and use. eEye's Retina is also the only network vulnerability scanner that can perform the majority of its scans without administrative rights, thus ensuring that global enterprises can quickly and easily secure their networks.

More than just a scanner, the Retina Enterprise Suite also provides workflow integration that gives enterprises the means to institutionalize protection strategies that will keep their businesses running. While many vulnerability assessment technologies can identify threats, this information is usually delivered to IT and security departments overwhelmed with other responsibilities and no means to delegate remediation tasks in an organized fashion. Retina offers not only vulnerability assessment, but remediation, patch automation and sophisticated workflow integration that allows IT and security departments to work together effectively to optimize resources and mitigate threats. For more information on Retina Network Security Scanner please visit:
http://www.eeye.com/html/Products/Retina/

About Blink
Designed to be implemented on individual assets such as servers, PCs and laptops, Blink is the first endpoint product to combine multiple layers of security technologies to protect enterprises from zero-day attacks that leverage yet unknown vulnerabilities within enterprise networks. This comprehensive security solution allows enterprises to defer patching vulnerable machines until regularly scheduled maintenance cycles, thereby saving millions of dollars in business disruption and the associated IT resource drain caused by "panic" patching. Additionally, Blink eliminates the problem of so-called "socially engineered" security threats in which hackers trick individuals into downloading malware or otherwise making their own machines vulnerable to attack. As a result, Blink uniquely protects assets from vulnerabilities, as opposed to only thwarting attacks. For more information on Blink please visit:
http://www.eeye.com/html/Products/Blink/

About eEye Digital Security

eEye Digital Security® is pioneering a new class of security products:integrated threat management. This next-generation of security detects vulnerabilities and threats, prevents intrusions, protects all of an enterprise’s key computing resources, from endpoints to network assets to web sites and web applications, all while providing a centralized point of security management and network visibility.eEye’s research team is consistently the first to identify new threats in the wild, and our products leverage that research to deliver on the goal of making network security as easy to use and reliable as networking itself. Founded in 1998 and headquartered in Orange County, California, eEye Digital Security protects more than 9,000 corporate and government organizations worldwide, including half of the Fortune 100. For more information, please visit www.eeye.com

About eEye Digital Security

Primary Agency Contact

EMEA Agency Contact

Corporate Contact