"We were very impressed by the technical expertise and rigorous testing methodology that ITS employed while conducting this test." -- Oded Comay, CTO of ForeScout Technologies

Blue Lane Technologies PatchPoint 1.1
August 2005
Test No. ITS05001
Vendor Product Overview
The Blue Lane™ PatchPoint™ System is a network-based
appliance architected to emulate security patches, inline, for
mission-critical servers without having to install software-based
vendor patches directly onto each operating system or service.
A PatchPoint ActiveFix™ is the inline version of a software
vendor’s security patch. It addresses the vulnerability
through inline manipulation of the protocol stream, which
mimics network-based patch functionality. If a vendor patch
checks for conditions deep within a protocol, replaces characters
in a string and truncates or converts data, then the
corresponding ActiveFix is designed to perform those same
functions in real time.
The PatchPoint System monitors interactions between client
and server that are relevant to the patches using application
proxies that require neither software agents nor modifications
to the client or server. The patch-centric nature of the
PatchPoint System enables administrators to identify
unpatched servers on the network and to apply ActiveFixes
inline using a one-to-one association to the original vendor
patch, thus emulating remote components of a vendor-patched
network host.
Independent Validation Claims
During June and July 2005, Independent Testing Services,
powered by Network Computing Labs™ (ITS), was contracted
by Blue Lane Technologies (www.bluelane.com) to independently
validate specific capabilities of the PatchPoint System
appliance. The following claims of Blue Lane were subject to
open and independent testing verification:
- The ActiveFix technology manipulates the protocol stream in
  real time without dropping the active transactions and without
  interrupting other user data in the same transaction.
- The PatchPoint System provides an effective zero-footprint
  inline mitigation system against several specific well-known
  exploits.
Results Summary
To validate the proposed claims, ITS created a topology containing
vulnerable hosts, patched hosts and actual exploits
capable of completely compromising the unpatched services.
Detailed protocol analysis validated the PatchPoint System’s
ability to manipulate the protocol stream without interrupting
user data in the same connection and/or transaction.
The PatchPoint System also successfully mitigated all 10
exploits tested through inline protocol modification, including
multiple attacks against:
- Oracle Enterprise DB 9.0
- Microsoft SQL Server 2000
- Microsoft IIS
- Microsoft WINS
- Linux Apache
- BSD/Linux WU-FTP