This paper seeks to provide guidance on “how to protect your company from ‘zero-day’ exploits”. It is a fun read, althought I am not entirely convinced that Network Intrusion Prevention Systems (NIPS) can help here. Definitely, good security practices will help.Maybe host-based kernel-level prevention systems can do some of it. However, trying to make an automated blocking decision without the sufficient information (always the case for the 0days) seems very tough. I wonder how this and other vendors are really doing it.