ISS - virtual patching
- From: phb@xxxxxxxxx
- Date: 11 Jul 2006 14:34:41 -0000
I was at an ISS event (but I guess it applies to all IPS vendors) where they said after a signature is written they QA it to prevent false positives, for about 8 weeks in the wild.
It sounded a little counter productive to the "virtual patching" claims, since that often means the protection comes in after I've already patched the system.
I agree I wouldn't deploy prevention prior to being sure it'll not cause a DoS to the network (or at all until this technology matures a little more), but with this attitude what is the IPS virtual patch hype all about?
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
- Follow-Ups:
- Re: ISS - virtual patching
- From: David Maynor
- Re: ISS - virtual patching
- Prev by Date: RE: IDS
- Next by Date: Re: What type of IDS should I use?
- Previous by thread: IPS - Default blocking policy
- Next by thread: Re: ISS - virtual patching
- Index(es):
