FYI, I've recently changed roles at Internet Security Systems. I put more details at http://www.klausnews.com or http://klausnews.com/modules.php?name=News&file=article&sid=29 (for when this gets archived and you want to point back to the original article).

Additionally, here is a document that I put together a while ago on Virtual Patch and Dynamic Threat Protection.

Virtual Patch is a simple concept that by using protection technology, we can reduce the risk of vulnerabilities. Using Virtual Patch protection to block vulnerabilities is more effective for large organizations than security patching. Security patching has many severe challenges for most large organizations, and I have yet to find a Fortune 1000 company that is fully patched. While I do recommend applying security patches as a good part of overall IT maintenance, the virtual patch process is a better first line of defense. Adding protection agents in the short-term along with security patching for the long-term is the optimal model.

Is Virtual Patch a product or feature? I like to think of it as a mindset and process change. It is shifting from manually patching your computers for vulnerabilities to letting a security agent provide protection against a vulnerability risk. We are re-prioritizing how companies can go about locking down their vulnerabilities. You can see this mindset change with ISS as we transform to "detecting" your risks through IDS and audit, and now start to provide Protection.

Some of the major algorithms for providing virtual patch or protection are in our IPS engine. We focus on identifying vulnerabilities and stopping them from being exploited, while most other IDS/IPS engines are focused on specific exploit and worm patterns. If we focus on catching worms after the fact, it is usually too late. If we can reduce the vulnerability risk with IPS, we are actually ahead of the threat of exploits and worms.

We are adding two other major technology advances that are currently in beta:

1) BOEP - Buffer Overflow Exploit Protection. This will help reduce many BO risks, including application BO's and unknown BO's.
2) VPS - Virus Prevention System.
VPS uses a simulation ability to identify viruses by a program's behavior before actually running an executable. This changes the paradigm of constantly fingerprinting every major new virus.

By applying our IPS, BOEP, and VPS, along with other protection algorithms, we are moving ahead of the threat.

Here's a quick FAQ on Virtual Patch and comparing it against trying to manually patch: http://www.issadvisor.com/viewtopic.php?t=443

Cheers,
Chris
