The always-readable Ellen Messmer reports on ISS' 'virtual patching' this week.
The idea here is that the ISS tool will combine functionality from their scanner and IDS product to look for and mitigate risks from known vulnerabilities whether the target system is patched or not.
It's a very interesting idea, but let's see how it plays out when it's delivered. It's a tall order for ISS. There's a risk of a false sense of security: "We don't need to patch, we have ISS!" It remains to be seen if a scanner and IDS product can really replace the need for patching the target systems.
Overall I've got reservations about this. IDS systems can be overloaded and miss intrusions/vulnerabilities if hackers design the attacks cleverly. On the other hand, never say never. It'll be a good technology to keep an eye on when ISS releases it next month.
Posted by Diana at June 2, 2003 09:19 AM