As
On Fri, 17 Sep 2004 17:11:38 -0400, Jason <security@brvenik.com> wrote:
Cure, Samuel J wrote:
I do agree however with the resource requirements necessary for testing and
rolling out each patch or hotfix.
I think we can all agree that IPS is no replacement for Patch
Management. My point is that there is no demonstrable ROI that I have
seen for IPS yet there appears to be a perception that it is a more cost
effective way of dealing with the problem. This is likely a result of
the parroting by some IPS vendors of a virtual patching concept. I am
open to the case if it can be shown, this is why I asked anyone to
provide an actual ROI.
Actually, I think what Samuel posted is the ROI: with shorter cycle
times between vulnerability disclosure to patch availability to
attacks (including worms), having IPS helps you protect servers during
that period between signature availability (hopefully very close to
vulnerability disclosure) and patch rollout. Not that I advocate
quarterly updates, but organizations do need some time to test the
patch and roll it out. That can range from a few days to a few weeks
(if problems arise) and reducing your exposure, even if it's not
totally eliminated, is valuable.
--
Kyle Maxwell
[krmaxwell@gmail.com]
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to
learn more.
--------------------------------------------------------------------------
