Dailydave mailing list archives

RE: RE: We have the enemy, and the enemy is... you


From: "Andrew R. Reiter" <arr () watson org>
Date: Fri, 14 Apr 2006 15:40:44 -0400 (EDT)

Hi!

On Fri, 14 Apr 2006, Paul Melson wrote:

:________________________________
:Subject: Fwd: [Dailydave] RE: We have the enemy, and the enemy is... you
:
:
:> Don't buy them! Don't spend the time and the energy to get them to work 
:> for your enterprise. There are several reasons for me to say this but I
:> would like to first start offering you the alternative.
:
:I think you're throwing the baby out with the bathwater here.  You wouldn't
:rely on Tripwire or COPS as your primary host security tools, either, but
:they were better than nothing 10 years ago.  Many of these products were
:designed with NT/2000 security in mind.  And most of them improve security
:for the same.
:

I think you hit on a key point that is missed by many security folks.  A 
product like this doesn't need to be all encompassing and perfect in every 
way to serve a purpose.  Sure; it can be "owned", but by utilizing a 
heterogeneous set of detection products, you are going to do much better 
than just sitting around and saying "well, all these damn products suck, 
use none."



:New versions of HIPS products amount to the same old thing from 5 years ago
:ported to and tested on XPSP2/2003.  The HIPS market will move again and the
:products that don't perform (or fail to pay off Gartner) will be culled.
:Overall, I don't see HIPS going anywhere.  Well, OK, there will probably be
:a new name and acronym for whatever comes next.  
:
:
:> wmic OS Get DataExecution_Available
:
:I know it's just a typo on your part, but for anybody that tries to recreate
:it, that should be DataExecutionPrevention_Available and probably also
:DataExecutionPrevention_32BitApplications.
:
:PaulM
:
:
:

--
arr () watson org

