Re: IDS\IPS that can handle one Gig
From: Frank Knobbe (frank_at_knobbe.us)
Date: 06/06/05
- Previous message: Hovis, Chris: "RE: IDS\IPS that can handle one Gig"
- In reply to: Vikram Phatak: "Re: IDS\IPS that can handle one Gig"
- Next in thread: Control Zed: "Re: IDS\IPS that can handle one Gig"
- Reply: Control Zed: "Re: IDS\IPS that can handle one Gig"
- Reply: Terry Vernon: "Re: IDS\IPS that can handle one Gig"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Vikram Phatak <vphatak@lucidsecurity.com> Date: Mon, 06 Jun 2005 14:30:37 -0500
On Sun, 2005-06-05 at 03:39 -0400, Vikram Phatak wrote:
> The biggest knock I've heard about VM is that it doesn't actually
> "protect" anything since it is not patching vulnerablities.
I think this single line shows the biggest problem in the security
industry, the need to protect vulnerabilities. Instead of adding layers
to protect the bag of vulnerabilities, we should open the bag and remove
the vulnerabilities one by one.
The term vulnerability management is equally flawed. We should not at
all "manage" vulnerabilities, but "identify" and "eradicate" them.
The whole notion of keeping vulnerabilities around is just flawed...
... and I wonder if IPSes just foster the complacency to accept and live
with vulnerabilities...
Cheers,
Frank
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: Hovis, Chris: "RE: IDS\IPS that can handle one Gig"
- In reply to: Vikram Phatak: "Re: IDS\IPS that can handle one Gig"
- Next in thread: Control Zed: "Re: IDS\IPS that can handle one Gig"
- Reply: Control Zed: "Re: IDS\IPS that can handle one Gig"
- Reply: Terry Vernon: "Re: IDS\IPS that can handle one Gig"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
