Network- and server-based intrusion prevention may still be necessary, but companies are moving IPS down to the desktop level for better protection. Patching is supposed to secure your organization from the latest batch of malicious code. “We were expending a huge amount of effort cleaning up the infections in our machines,” says Darrel Davis, chief security officer for the state. “Some exploits were out there yet no patches were available.” Like a growing number of IT security managers, to address those problems, Davis deployed host-based intrusion-prevention system (HIPS) software on 19,000 desktops scattered throughout the state. Its definition hasn’t been settled upon, however, and several vendors advocate very different approaches. “The ultimate point we are heading toward is to prevent all zero-day attacks.