Greetings all,

In this (http://www.eweek.com/article2/0,1759,1607680,00.asp) article over on eWeek.com, a couple of new tools are described, including Determina's SecureCore and Immunix's Application Firewalling Suite. The article states, "This tack represents a shift from the decades-old approach of detecting and stopping attacks in progress using signatures or pattern-recognition algorithms. Customers and security experts say the new tools signal a new direction for the industry at large."

As a staunch non-advocate of the patch-and-chase game, I find this encouraging and sincerely hope that the tools live up to the expectations that are being set. I also wonder if things such as AMD's relatively new NX (non-execute) bit architecture can be of any value in preventing things like buffer overflow attacks in production environments. While they're no substitute for designing and coding things properly in the first place, I do like the notion of the system preventing such attacks before they can do harm. (In fact, this concept is very much at the center of my first monthly column on eSecurityPlanet, which should be hitting http://www.eSecurityPlanet.com later today.)

Although the Immunix suite was briefly described here earlier, the Determina product wasn't. Has anyone here looked at these tools and care to share their experience with either or both?

Cheers,

Ken van Wyk
--
KRvW Associates, LLC
http://www.KRvW.com