Re: IPS, alternative solutions

From: Kyle Maxwell (krmaxwell_at_gmail.com)
Date: 09/22/04

Next message: Fahad Al-Suwais: "free hIDS, or system assessment tools"

Previous message: Mike Frantzen: "Re: IPS, alternative solutions"
In reply to: Jason: "Re: IPS, alternative solutions"
Next in thread: Maarten Van Horenbeeck: "Re: IPS, alternative solutions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 22 Sep 2004 15:31:52 -0500
To: Jason <security@brvenik.com>

On Fri, 17 Sep 2004 17:11:38 -0400, Jason <security@brvenik.com> wrote:
> Cure, Samuel J wrote:
> > I do agree however with the resource requirements necessary for testing and
> > rolling out each patch or hotfix.

> I think we can all agree that IPS is no replacement for Patch
> Management. My point is that there is no demonstrable ROI that I have
> seen for IPS yet there appears to be a perception that it is a more cost
> effective way of dealing with the problem. This is likely a result of
> the parroting by some IPS vendors of a virtual patching concept. I am
> open to the case if it can be shown, this is why I asked anyone to
> provide an actual ROI.

Actually, I think what Samuel posted is the ROI: with shorter cycle
times between vulnerability disclosure to patch availability to
attacks (including worms), having IPS helps you protect servers during
that period between signature availability (hopefully very close to
vulnerability disclosure) and patch rollout. Not that I advocate
quarterly updates, but organizations do need some time to test the
patch and roll it out. That can range from a few days to a few weeks
(if problems arise) and reducing your exposure, even if it's not
totally eliminated, is valuable.

-- 
Kyle Maxwell
[krmaxwell@gmail.com]
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------

Next message: Fahad Al-Suwais: "free hIDS, or system assessment tools"

Previous message: Mike Frantzen: "Re: IPS, alternative solutions"
In reply to: Jason: "Re: IPS, alternative solutions"
Next in thread: Maarten Van Horenbeeck: "Re: IPS, alternative solutions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: IPS, alternative solutions
... I think we can all agree that IPS is no replacement for Patch ... My point is that there is no demonstrable ROI that I have ... > Scott, to answer your question on cost effective, perhaps IPS will more than ...
(Focus-IDS)
Re: IPS, alternative solutions
... The statement "The ROI here is obvious when a worm hits before you can ... I understand the position that an IPS can buy you some time. ... Delaying a patch several months with or without an IPS is at best making ... > The IPS allows them to delay patch installation until it is convenient ...
(Focus-IDS)
Re: Problem with tag lines separated from text body by two dashes
... :) On Thu, 13 Apr 2006, Samuel W. Heywood wrote: ... :)> Sam Heywood ... I also have a patch in my web page which does this without using the "H" ... command, it is called "New Menu for the Reply Command", and it allows you ...
(comp.mail.pine)
Re: [PATCH] MFD: TWL/TPS: fix twl_probe section mismatch warning in mfd/twl-core.c
... Samuel et al, ... The twl driver is not OMAP specific, so this should be a separate patch thatI ... will merge to my mfd tree. ...
(Linux-Kernel)
Re: [PATCH V2 5/7] power_supply: PCF50633 battery charger driver
... (As the patch depends on MFD parts, I assume Samuel will merge it ... into linux-mfd.) ...
(Linux-Kernel)