[ISSForum] New Role at ISS

FYI, I've recently changed roles at Internet Security Systems.  I put
more details at http://www.klausnews.com or
http://klausnews.com/modules.php?name=News&file=article&sid=29 (for when
this gets archived and you want to point back to the original article).


Additionally, here is a document that I put together a while ago on
Virtual Patch and Dynamic Threat Protection.   Virtual Patch is a simple
concept that by using protection technology, we can reduce the risk of
vulnerabilities.   Using Virtual Patch protection to block
vulnerabilities is more effective for large organizations than security


Security patching has many severe challenges for most large
organizations and I have yet to find a Fortune 1000 company that is fully
patched.  While I do recommend applying security patches as a good part of
overall IT maintenance, the virtual patch process is a better first line
of defense.  Adding protection agents in the short-term along with
security patching for the long-term is the optimal model. 


Is Virtual Patch a product or feature?   I like to think of it as a
mindset and process change.   It is shifting from manually patching your
computers for vulnerabilities to letting a security agent provide
protection against a vulnerability risk.  We are re-prioritizing how
companies can go about locking down their vulnerabilities.


 You can see this mindset change with ISS as we transform to "detecting"
your risks thru IDS and audit, and now start to provide Protection.
Some major algorithms for providing virtual patch or protection are with
our IPS engine.  We focus on identifying vulnerabilities and stopping
them from being exploited, while most other IDS/IPS engines are focused
on specific exploit and worm patterns.  If we focus on catching worms
after the fact, it is usually too late.  If we can reduce the
vulnerability risk with IPS, we are actually ahead of the threat of
exploits and worms.    We are adding two other major technology advances
that are currently in beta: 

1) BOEP - Buffer Overflow Exploit Protection.   This will help reduce
many BO risks, including application BO's and unknown BO's.   

2) VPS - Virus Prevention System.  VPS uses a simulation ability to
identify viruses by a program's behavior before actually running an
executable.  This changes the paradigm of constantly fingerprinting
every major new virus.    


By applying our IPS, BOEP, and VPS, along with other protection
algorithms, we are moving ahead of the threat.   Here's a quick FAQ on
Virtual Patch and comparing it against trying to manually patch:






ISSForum mailing list

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.