


IDS: ISS - virtual patching

From: <phb_at_gmail.com>
Date: 11 Jul 2006 14:34:41 -0000
I was at an ISS event (but I guess it applies to all IPS vendors) where they said after a signature is written they QA it to prevent false positives, for about 8 weeks in the wild.
It sounded a little counterproductive to the "virtual patching" claims, since that often means the protection comes in after I've already patched the system.
I agree I wouldn't deploy prevention prior to being sure it'll not cause a DoS to the network (or at all until this technology matures a little more), but with this attitude what is the IPS virtual patch hype all about?

Received on Jul 12 2006
