Re[2]: Kernel sec. systems WAS: Why eEye Retina (was MBSA scanner)

From: Jason Ostrom (jpo@pobox.com)
Date: Tue May 04 2004 - 17:53:38 EDT


Marc,

I do agree with you when you said kernel protection systems alone are
not enough, but I also think there is not a single silver bullet here,
and the same can be said for any product.

I would be interested to see how the eEye Blink IPS differs with
regard to protecting against vulnerabilities specifically (rather
than just exploits), and how this differs from Okena.

<<
Marc Maiffret> Okena "works" because no one
Marc Maiffret> knowledgeable has said otherwise. Okena has
Marc Maiffret> taken the same flawed approach as
Marc Maiffret> network IDS systems focusing on
Marc Maiffret> protecting from exploits, and not
Marc Maiffret> vulnerabilities specifically. Although
Marc Maiffret> they have done so by doing detection of
Marc Maiffret> exploits at the kernel level,
Marc Maiffret> instead of at the network level.
>>

To be fair to Okena, and all marketing aside, it does provide patch
relief for most vulnerabilities, and isn't this adding an extra layer
of security? I can also see the Security Policy compliance
benefit in locking down the user groups with the rule-based behavior, i.e.
Group A cannot use Kazaa, Group B can only use Yahoo IM, etc.

Jason




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:53 EDT