eEye: New Pilot Keeps an Eye on Security Threats

UCLA’s newly formed Applied Security Task Force is revamping the campus pilot of eEye – a suite of software products that identifies and helps protect against security threats to networks and computing systems.  The goals of the project are to increase overall campus IT security, to have some advance warning of vulnerabilities, and to develop best practices for IT security.  ASTF members have been conducting a pre-pilot of eEye’s vulnerability scanner within their own units and expect to open the pilot to campus by Summer 2006.

Through the pilot, eEye is making available to the campus its software tools and expertise at no cost.  In exchange, UCLA is sharing its experience with eEye products deployed in a real-life large, diverse network ecosystem.  As part of the pilot, servers - which identify vulnerabilities and aggregate, categorize and measure the data collected by eEye products – will be installed in pilot units.  The servers will provide much greater capability for UCLA to profile the overall campus IT security landscape and for individual pilot units to profile their own security landscape at a granular level.

“The eEye pilot is attractive because it is the first time that we’ll have overall visibility into the vulnerabilities facing the highly distributed UCLA environment, said Jim Davis, UCLA’s Chief Information Officer.  With the Applied Security Task Force running the pilot, we’re not only trying out a specialized software that we hope will prove valuable to the campus, we’re also harnessing some of the excellent IT expertise from departments across campus and using that expertise in a cohesive way to benefit the campus,”

There are five packages included within the eEye software suite:

• Retina – This software scans for known vulnerabilities to operating systems.
• Iris - This sniffing software helps reconstruct data traffic and troubleshoot problems.
• Secure IIS – This web firewall software works at the application-level to protect web servers and their applications from known vulnerabilities.
• Blink – This is a host intrusion-prevention software.
• Retina Enterprise Manager (REM) – This is the management console.

The ASTF will accept participants into the pilot starting in June.  Although some people on campus have been using the eEye software as part of the previous pilot project, those people will be contacted in the next weeks so that their license agreements can be re-established through Software Central.

UCLA's Applied Security Task Force was formed to help create a campus computing environment that is open enough to facilitate the research and instruction that are the business of UCLA, yet secure enough to protect the people and data that exist within that environment.  Specifically, the Task Force works to mitigate the security risks increasingly associated with email, network and data centers through a coordinated, campuswide approach.

Comprised of technologists from seven distributed information technology units, the ASTF has three primary goals:

• Work in an applied way to triage security incidents.
• Become a resource for security-related issues.
• Help individual units with security challenges.

For more information on the eEye pilot, contact Kent Wada at: kent@ucla.edu.