Re: IPS, alternative solutions

From: Kyle Maxwell (
Date: 09/22/04

  • Next message: Fahad Al-Suwais: "free hIDS, or system assessment tools"
    Date: Wed, 22 Sep 2004 15:31:52 -0500
    To: Jason <>


    On Fri, 17 Sep 2004 17:11:38 -0400, Jason <> wrote:
    > Cure, Samuel J wrote:
    > > I do agree however with the resource requirements necessary for testing and
    > > rolling out each patch or hotfix.

    > I think we can all agree that IPS is no replacement for Patch
    > Management. My point is that there is no demonstrable ROI that I have
    > seen for IPS yet there appears to be a perception that it is a more cost
    > effective way of dealing with the problem. This is likely a result of
    > the parroting by some IPS vendors of a virtual patching concept. I am
    > open to the case if it can be shown, this is why I asked anyone to
    > provide an actual ROI.

    Actually, I think what Samuel posted is the ROI: with shorter cycle
    times between vulnerability disclosure to patch availability to
    attacks (including worms), having IPS helps you protect servers during
    that period between signature availability (hopefully very close to
    vulnerability disclosure) and patch rollout. Not that I advocate
    quarterly updates, but organizations do need some time to test the
    patch and roll it out. That can range from a few days to a few weeks
    (if problems arise) and reducing your exposure, even if it's not
    totally eliminated, is valuable.

    Kyle Maxwell
    Test Your IDS
    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
    Go to to learn more.

  • Next message: Fahad Al-Suwais: "free hIDS, or system assessment tools"

    Relevant Pages