IDS mailing list archives
Re: IPS, alternative solutions
From: Kyle Maxwell <krmaxwell () gmail com>
Date: Wed, 22 Sep 2004 15:31:52 -0500
As On Fri, 17 Sep 2004 17:11:38 -0400, Jason <security () brvenik com> wrote:
Cure, Samuel J wrote:I do agree however with the resource requirements necessary for testing and rolling out each patch or hotfix.
I think we can all agree that IPS is no replacement for Patch Management. My point is that there is no demonstrable ROI that I have seen for IPS yet there appears to be a perception that it is a more cost effective way of dealing with the problem. This is likely a result of the parroting by some IPS vendors of a virtual patching concept. I am open to the case if it can be shown, this is why I asked anyone to provide an actual ROI.
Actually, I think what Samuel posted is the ROI: with shorter cycle times between vulnerability disclosure to patch availability to attacks (including worms), having IPS helps you protect servers during that period between signature availability (hopefully very close to vulnerability disclosure) and patch rollout. Not that I advocate quarterly updates, but organizations do need some time to test the patch and roll it out. That can range from a few days to a few weeks (if problems arise) and reducing your exposure, even if it's not totally eliminated, is valuable. -- Kyle Maxwell [krmaxwell () gmail com] -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: IPS, alternative solutions, (continued)
- Re: IPS, alternative solutions Andy Cuff (Sep 16)
- Re: IPS, alternative solutions Johann_van_Duyn (Sep 15)
- RE: IPS, alternative solutions Palmer, Paul (ISSAtlanta) (Sep 17)
- Re: IPS, alternative solutions Jason (Sep 17)
- RE: IPS, alternative solutions Murtland, Jerry (Sep 17)
- RE: IPS, alternative solutions Cure, Samuel J (Sep 21)
- Re: IPS, alternative solutions Jason (Sep 22)
- Re: IPS, alternative solutions Mike Frantzen (Sep 22)
- Re: IPS, alternative solutions Devdas Bhagat (Sep 27)
- Re: IPS, alternative solutions Thomas Ptacek (Sep 29)
- Re: IPS, alternative solutions Kyle Maxwell (Sep 23)
- Message not available
- Re: IPS, alternative solutions Jason (Sep 26)
- Re: IPS, alternative solutions p z (Sep 27)
- Re: IPS, alternative solutions Jason (Sep 30)
- Re: IPS, alternative solutions Jason (Sep 22)
- RE: IPS, alternative solutions Stuart Staniford (Sep 29)