EEye to enter antivirus business

EEye is planning to add antivirus capabilities to its Blink intrusion prevention product.

Security vendor eEye Digital Security plans to add antivirus capabilities to its Blink intrusion prevention product, and will release a beta version of the software early next year, according to a company executive.

"We are developing our own generic antivirus now," said eEye co-founder and Chief Hacking Officer Marc Maiffret, in an interview.

A beta version of the software will be made available to Blink users in early in 2006, he said. "It'll be an update basically, so any customers who have [Blink] will get it for free."

Currently, the Blink firewall can be used for security policy enforcement and to protect clients from network-based attacks, antispyware and phishing attacks, according to eEye.

Rather than checking software that wants to run on the system against a database of known malware, an approach called "signature-based" prevention, Blink's antivirus software will examine the program's behavior to determine whether or not it is malicious. This behavior-based approach is already used by a number of products, including Sana Security's Primary Response and McAfee's Entercept.

The antivirus software market is crowded with products right now, but eEye appears to be taking the right approach, said Andrew Janquith, a senior analyst with Yankee Group Research. "It's a bit late for them to come to the party, but they may benefit from recognizing that the signature-based approach to virus detection isn't working anymore."

Signature-based techniques are still the most widely used form of antivirus detection, but they are starting to break down because of the massive amount of malicious software in circulation, Janquith said. "There are well over 100,000 signatures that antivirus vendors are tracking. By way of comparison, most PCs have about 50,000 files on them right now."

Behavior-based antivirus software has a chance of preventing unknown attacks from succeeding, but it is generally not as effective as the signature-based alternatives against known attacks, he said.

The antivirus market is dominated by Symantec, McAfee and Trend Micro. In 2004, they accounted for 83 percent of the US$2.5 billion worldwide antivirus market, according to research firm Gartner Inc.

Blink is not the only product that eEye has been improving. Earlier last week, the company announced a new version of its REM management console. REM 3.0 features improved management and reporting capabilities, the company said.