I used the Metasploit Framework and Core Impact vulnerability scanners to test PatchPoint. In every case, the exploit was stopped and logged.

BlueLane PatchPoint G/450
BlueLane Technologies, bluelane.com
Excellent 8.7

| Criteria | Score | Weight |
| Effectiveness | 9 | 30% |
| Ease-of-use | 9 | 20% |
| Management | 9 | 20% |
| Reporting | 7 | 10% |
| Setup | 9 | 10% |
| Value | 8 | 10% |

Cost: Appliances and first year service start at $9,995.
Platforms: Server versions of Microsoft Windows (Windows NT 4.0 and above), IIS, Microsoft SQL, Oracle, Apache, Red Hat Linux, Sun Solaris,
and various Unix applications
Bottom Line: Blue Lane PatchPoint patch proxy appliance is a laudable addition to the IPS field. PatchPoint excels at protecting unpatched
Windows, Linux, and Unix servers against many publicly known exploits for popular applications by analyzing network packets
and removing harmful bits. However, PatchPoint does not patch client-side applications such as Internet browsers or e-mail
clients.
According to Blue Lane, the G/450 appliance forwards traffic at a wire speed of 2.4 Gbps. Apache protection proxies are handled
at speeds as fast as 1.4 Gbps, with the slowest proxy, SMTP, coming in at 700 Mbps. This speed is accomplished using an intelligent
inspection engine that quickly filters out non-threatening traffic so that only the most suspect traffic is run through the
upper-layer inspection proxies.

We don’t need no stinkin’ patches

Blue Lane has an excellent vulnerability testing laboratory, and the PatchPoint appliances include protection against dozens
of non-publicly released exploits along with more than a dozen other common vulnerabilities, such as SQL injection, fragmentation
attacks, and excessive requests. The appliances even have a file extension blacklist and can filter outgoing HTTP requests against
a whitelist to protect servers when the administrator decides to browse to untrusted Web sites.
What PatchPoint claims to do (protect servers against patched OS and common application threats), it does well. However, it
is important to understand what PatchPoint doesn’t do: It doesn’t protect workstations. I wish it could patch client-side
applications like Internet Explorer, Firefox, Adobe Acrobat, and Macromedia Flash. Blue Lane, there’s a new market just awaiting
your arrival.
Second, it doesn’t protect against all exploits, usually just the patched ones, and only for the vendors and products that Blue
Lane monitors. Blue Lane does track exploits and patch releases, test vulnerabilities, and then use that information to update
the appliances so they’ll have the most up-to-date patch information. Their long watch list includes Oracle, Exchange, Apache,
IIS, Sendmail, IMAP, FTP, MS-SQL, MySQL, and many other common applications, but it cannot protect you against the myriad
of exploits outside the realm of patching, such as password guessing, network sniffing, and so on.
Nevertheless, I was impressed with what Blue Lane has accomplished so far. Its patch proxies are highly effective, and even
if it doesn’t cover every threat out there, PatchPoint certainly eliminates enough risk to be valuable. I highly recommend
it to companies with 20 or more servers who are at moderate or high risk of external attack and sweating the diminishing patching
thresholds.