IDS mailing list archives
ISS - virtual patching
From: phb () gmail com
Date: 11 Jul 2006 14:34:41 -0000
I was at an ISS event (but I guess it applies to all IPS vendors) where they said after a signature is written they QA it to prevent false positives, for about 8 weeks in the wild. It sounded a little counter productive to the "virtual patching" claims, since that often means the protection comes in after I've already patched the system. I agree I wouldn't deploy prevention prior to being sure it'll not cause a DoS to the network (or at all until this technology matures a little more), but with this attitude what is the IPS virtual patch hype all about? ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- ISS - virtual patching phb (Jul 12)
- Re: ISS - virtual patching David Maynor (Jul 24)
- Re: ISS - virtual patching Stefano Zanero (Jul 27)
- <Possible follow-ups>
- Re: ISS - virtual patching john (Jul 21)
- Re: Re: ISS - virtual patching David Maynor (Jul 24)
- Re: ISS - virtual patching thunking (Jul 21)
- RE: ISS - virtual patching Palmer, Paul (ISSAtlanta) (Jul 24)
- RE: ISS - virtual patching Palmer, Paul (ISSAtlanta) (Jul 24)
- RE: ISS - virtual patching Palmer, Paul (ISSAtlanta) (Jul 25)
- Re: ISS - virtual patching David Maynor (Jul 24)