I saw this recently. It's cool technology, and I'm dead certain it's not the answer.
I think whitelisting is the only real answer - default deny, and only allow what's determined to be needed for the business. Anything else is whistling past the graveyard. On Fri, Feb 5, 2010 at 07:31, Martin Blackstone <[email protected]> wrote: > Take a look at Palo Alto Networks. > > It’s time to stop blocking IP’s and ports and start looking at the > application level. > > > > > > From: David Lum [mailto:[email protected]] > Sent: Friday, February 05, 2010 6:17 AM > To: NT System Admin Issues > Subject: User 2.0 > > > > Thoughts? Some of the comments are good. > > http://isc.sans.org/diary.html?storyid=8158 > > David Lum // SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 // (Cell) 503.267.9764 > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
