RE: Is IDS/IPS worthless?

From: Bell, Gregory (ISS Atlanta) (gbell_at_iss.net)
Date: 02/24/04

  • Next message: X-Force: "ISS Security Brief: Vulnerability in SMB Parsing in ISS Products"
    Date: Mon, 23 Feb 2004 23:44:40 -0500
    To: <focus-ids@securityfocus.com>
    
    

    I guess it would really depend on the company. Most small business probably would not benefit from a 24/7 monitored IDS service. But when you get a larger company with a large IP block with sensitive data, more and more attacks come you way. Certain types of companies (ie financial, health, governmental, large IT firms), find it necessary to have the added benefit of an IDS not only for the protection element, but also the CYA element incase they are attacked. As someone previously mentioned, there are also other added benefits of monitored IDS: Malfunctioning systems, viruses, worms, down network segments, missconfigured IP, tracking chat, instant messaging, and P2P file sharing, malicious employess. It all comes down to this: if you think you need it, you probably do. And if you think you don’t need it, your probably wrong J.

     

    Have a nice day all,

     

    Gregory Bell

    Internet Security Systems

    IDS Threat Analyst

    www.iss.net

     


  • Next message: X-Force: "ISS Security Brief: Vulnerability in SMB Parsing in ISS Products"