| FRONTPAGE | DOWNLOADS | ABOUT ME | TERMS & CONDITIONS |

SA Security Bloggers

link SensePost
link Haroon Meer
link Matt Erasmus
link Andrew Mohawk
link Junaid Loonat
link Barry Irwin
link Tom Wells
link Allen Baranov
link Jock Forrester
link IT Security Pubcast
link Telspace
link ISGAfrica
link Ralfe Poisson

Popular Entries

Articles
link Vulnerability Life Cycle - threat modelling
link Web Hacking 2.0
link Why Exploit Markets are Bad
link Ettercap-NG Workings and Defence
link The Zotob Summary

How-To's
link Linux SSH Jail with pam_chroot
link Firefox Privacy & Security Extensions

Papers
link Managing Patching, my MSc Thesis
link Risk Analysis of Monthly Patch Schedules

Tools
link Automated Vodacom SMS (VodaSMS)
link RSS 2 SMS
link DShield Hack Detection

Neologisms
link Encryption principles
link Zoolander's Law

Syndicate This Blog

SSL

Certificate fingerprints:

SHA1: 61 13 45 4B 4C F9 89 9B B7 87 C8 78 F7 38 12 CB 07 E2 60 BF
MD5 : DA 53 7B 50 E4 3A 2C 6C A1 17 53 C1 A0 5E CB 89

HTTPS version.
You can find an explanation here.

License

Creative Commons License - Some Rights Reserved
Original content in this work is licensed under a Creative Commons License

Disclaimer

This blog and its contents are in no way affiliated with, or endorsed by my employer.
Random Entry: My Face Animal, Part II
< Blocking Google Tracking | HIV/AIDS Awareness Week >

Tuesday, August 23. 2005

Patching Snake Oil

Masters

On of my readers asked me what I though of Blue Lane technology's Patch Point. Either they have come up with some revolutionary new product or they are spouting marketing speak and selling an IDS.

PatchPoint is a network appliance-based solution that emulates vendor patches inline, which enables servers behind PatchPoint to continue performing as if the appropriate vendor patch had been installed. PatchPoint instantly creates a patched state for critical servers, which means that the vendor patches can be deployed at a later, more convenient time.

Their description of how it works makes it sounds a bit like an IDS with an ActiveFix being a signature. Other than that the site is scant on technical details. If this is an Intrusion Prevention System integrated into a device then that could be a pretty cool idea, but I think they will have trouble providing the same community support as snort and bleeding snort.

But right now the unclear marketing speak makes it look like snake oil.

UPDATE: Thomas Ptacek's Second Rule Of Security Marketing

If your inline network security device claims to provide "virtual patching", the box must use the actual binary patch from Microsoft to do it.
Posted by Dominic White in Masters at 23:21 | Comments (3) | Trackback (1)
Last modified on 2005-11-22 00:44

Trackbacks
Trackback specific URI for this entry

Blue Lane Technology's Patch Point
Blue Lane seems to be getting more attention. I found this post through SA's own Dimension Data's blog. I once wrote about Patch Point when a reader asked for my opinion on it. At the time their site had very little information and I suspected that the
Weblog: Dominic White's .tHE pRODUCT
Tracked: Jan 19, 15:47

Comments
Display comments as (Linear | Threaded)

Well, it is not a snake oil. As you might have seen, the company emerged out of stealth mode. There are many case studies, whitepapers, press-releases to prove the point. Also, as an ex-developer of PatchPoint and a security enthusiast, I think it easily surpasses any network based protection device available on the market. Yea, any.
#1 Pukhraj Singh (Homepage) on 2005-09-30 18:06 (Reply)
That's a pretty bold claim. Does it make toast too? Seriously, saying that it can save the world doesn't make it look anything less like snake oil. I did provide for the possibility that it isn't, however their initial information was scant and riddled with made-up terms.
#1.1 Dominic White (Homepage) on 2005-11-22 00:48 (Reply)
Hmmm..i am impartial to PR stats. My point was firmly and solely based on the technical capabilities of the appliance. Anyways, I am out of the whole venture as you know and I am equally curious on how the company will fare, as I know what world-class device we made. The patch-proxy thing has been picked by media and technical whores alike. Determina is into it and so are other IDP companies.
#2 Pukhraj Singh (Homepage) on 2006-01-08 18:30 (Reply)

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
 

Quicksearch

Security Blogs

* Schneier on Security: Friday Squid Blogging: Squid Launcher from "Despicable Me"

* Schneier on Security: Doomsday Shelters

* extern blog SensePost; : Go-derper: mining your memcacheds

* Schneier on Security: Hacking ATMs

* The Spanner: Setters using VBS and constant hacks

* The Spanner: Sandboxed DOM API

* funkatron.com: Links for 2010-07-29 [del.icio.us]

* SecuriTeam Blogs: The List Of A 100 Million Facebook Username’s.

* SecuriTeam Blogs: REVIEW: “The Myths of Security”, John Viega

* BlueHat Security Briefings: MAPP – An Insider's view

* Chris Shiflett: Auto Increment with MongoDB

* Ivan Ristic: Internet SSL Survey 2010 is here!

* terminal23: skills for work and skills for getting work

* 1 Raindrop: Acts of God Algorithm

* Schneier on Security: Security Vulnerabilities of Smart Electricity Meters

* Jeremiah Grossman: In Firefox we can’t read auto-complete, but we can write to it (a lot)!

* Jeremiah Grossman: Patching auto-complete vulnerabilities not enough, Cookie Eviction to the rescue

* Jeremiah Grossman: Stealing AutoComplete form data in Internet Explorer 6 & 7

* Schneier on Security: DNSSEC Root Key Split Among Seven People

* BlueHat Security Briefings: The EMET 2.0 Training Video has arrived!

(c) Dominic White 2010