RE: Is IDS/IPS worthless?
From: Bell, Gregory (ISS Atlanta) (gbell_at_iss.net)
Date: Mon, 23 Feb 2004 23:44:40 -0500 To: <firstname.lastname@example.org>
I guess it would really depend on the company. Most small business probably would not benefit from a 24/7 monitored IDS service. But when you get a larger company with a large IP block with sensitive data, more and more attacks come you way. Certain types of companies (ie financial, health, governmental, large IT firms), find it necessary to have the added benefit of an IDS not only for the protection element, but also the CYA element incase they are attacked. As someone previously mentioned, there are also other added benefits of monitored IDS: Malfunctioning systems, viruses, worms, down network segments, missconfigured IP, tracking chat, instant messaging, and P2P file sharing, malicious employess. It all comes down to this: if you think you need it, you probably do. And if you think you don’t need it, your probably wrong J.
Have a nice day all,
Internet Security Systems
IDS Threat Analyst