Broadband Tech → Security → Security > HIPS/firewall protection

HIPS/firewall protection

i was speaking to one ISO (information security officer) and he tells me that running an enterprise level HIPS with a properly configured firewall rules means we do not have to patch our Windows OS with secuity updates.
Is this just BS or what????

He said "we" and I believe they could. The rest of the configs and practices more than likely won't suit most if any.

do not quite understand your reply.
So if one has an enterprise grade HIPS/firewall does that mean they will not need those OS security patches because the HIPS will protect them anyway?

Security is NOT a one-layer approach. There are many layers to a good security approach and one of those layers is keeping OS and applications up to date with security patches.

There are many methods by which malware can infect a system/network without being detected/stopped by the very best of firewalls.

HIPS is NOT a firewall. A great HIPS is all you need. You would NOT need to keep up with security patches. BUT there are no great HIPS since ProcessGuard that does not work beyond XP. You can thank Microsoft for that. (Plus, it should go without saying that the user must fully understand how to use the HIPS or all bets are off. Most HIPS are difficult to use).
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

I think the ISO meant, was if you have an enterprise grade HIPS along with a properly configured software firewall and router firewall, it will only just keep the ZERO Day bugs to a stop until things get patched up to the OS level.
So until the OS security patches are being testing or unable to be pushed out on time, then the HIPS/firewall will at least stop or monitor all zero day exploits.