SOURCE: eEye

December 15, 2008 13:11 ET

eEye Digital Security Now Offering SQL Injection Protection for Microsoft IIS Servers

SecureIIS™ 3.0 Also Protects Against Buffer Overflow, ParserEvasion, Directory Traversal and General Exploitation Attacks

IRVINE, CA--(Marketwire - December 15, 2008) - eEye Digital Security (www.eeye.com), an expert in integrated security and threat-management solutions, today announced the general availability of SecureIIS™ v 3.0. Offering proactive Microsoft IIS Web-server protection, the latest version of SecureIIS features SQL injection protection for which users can enable and select defense levels from an action menu.

SecureIIS operates within Microsoft IIS to actively inspect all incoming requests at each stage of data processing. This allows the technology to prevent potentially damaging network traffic from penetrating servers and compromising Web-based applications, whether the traffic is encrypted or unencrypted.

"This capability is critical because vulnerabilities in software applications are responsible for the vast majority of network security breaches and data loss," said Morey Haber, VP of Business Development for eEye Digital Security. "In particular, Web-server applications like Microsoft IIS are consistently targeted because of the ease of application deployment and potential flaws inherent with coding and configuration mistakes."

These flaws aid in the creation of some of the most damaging worms that cause compromised Websites and Microsoft IIS directory vulnerabilities. With proper network protection from SecureIIS, users are able to repel common and nefarious attacks.

"When we were hit with an exploit, I was looking at our server logs and realized something was amiss," said Lisa Davis, IT Specialist for the Iowa Department for the Blind. "I shut our router down until I could figure it out, and what I learned was that SecureIIS saved us from a very serious attack. A number of organizations in our area were infected from the same vulnerability. SecureIIS notified me that something unusual was going on and blocked it in the meantime. That's the beauty of behavior-based security."

Key Features of SecureIIS 3.0

--  SQL Injection Protection - filters common commands and characters to
    stop SQL injection attacks.
--  PCI DSS Compliance - meets the requirements for Payment Card Industry
    DSS v1.2 for a web application firewall by providing an in-line solution
    that can protect against the latest threats even when no application
    mitigation is available.
--  Application Layer Protection - inspects requests from the network and
    kernel levels as well as processing levels in between.
--  IIS ISAPI Integration - monitors data processed by IIS and blocks
    requests at any point that resembles a class of attack patterns.
--  Zero Day Protection - inspects Web-server traffic for issues such as
    buffer overflows, parser evasions, directory traversal and other attacks to
    block entire classes of attacks, including those not yet discovered.
--  Non-Intrusive Protection - offers protection without affecting service
    levels on Web servers and provides improved performance when Web servers
    come under attack.
--  Third-Party Application Protection - stops attacks launched against
    third-party Web server applications or custom Web scripts.
--  Protection Over SSL Encrypted Sessions - stops attacks on encrypted
    sessions based on the ability to analyze the content of HTTPS sessions
    before and after SSL encryption.
    

"Because Web servers often provide a portal to the internal network, they require a more formidable and customized level of protection," Haber said. "SecureIIS offers this level of protection by going beyond what standard network firewalls and intrusion detection systems can provide."

Pricing and Availability

Secure IIS is currently available at $995 per copy. For more information, visit http://www.eeye.com/html/products/secureiis/index.html

About eEye Digital Security

eEye Digital Security is a leader in vulnerability management, endpoint security, anti-virus software and IT security research. The company's advanced security solutions help technology professionals protect the networks and digital assets of more than 9,000 corporate and government organizations worldwide. Founded in 1998, eEye Digital Security is headquartered in Orange County, California. For more information, please visit www.eEye.com.

All trademarks contained within this press release are the sole property of their respective owners and are hereby acknowledged.

Contact Information

  • Press Contacts
    Agency:
    Victor Cruz
    MediaPR
    1.508.655.4397
    email: Email Contact

    Corporate, North America:
    Stacy Newman
    1.949.333.1913
    Email Contact