Re[2]: Kernel sec. systems WAS: Why eEye Retina (was MBSA scanner)

[Jason Ostrom <jpo () pobox com>]

Marc,

I do agree with you when you said kernel protection systems alone are
not enough, but I also think there is not a single silver bullet here,
and the same can be said for any product.

I would be interested to see how the eEye Blink IPS differs in
regards to protecting against vulnerabilities specifically (rather
than just exploits), and how this differs from Okena.

<<
Marc Maiffret> Okena "works" because no one
Marc Maiffret> knowledgeable has said otherwise. Okena has
Marc Maiffret> taken the same flawed approach as
Marc Maiffret> network IDS systems focusing on
Marc Maiffret> protecting from exploits, and not
Marc Maiffret> vulnerabilities specifically. Although
Marc Maiffret> they have done so by doing detection of
Marc Maiffret> exploits at the kernel level,
Marc Maiffret> instead of at the network level.
> >

To be fair to Okena, and all marketing aside, it does provide patch
relief for most vulnerabilities, and isn't this adding an extra layer
of security?  I can also see the Security Policy compliance
benefit in locking down the user groups with the rule-based behavior, i.e.
Group A can not use Kazaa, Group B can only use Yahoo IM, etc.

Jason


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------