RE: Value of IDS, ROI

From: Ed Gibbs (ed_at_digitalconclave.com)
Date: 05/04/05

  • Next message: Bob Huber: "Re: Value of IDS, ROI" 
    To: "'Jason Patel'" <patel1210@yahoo.com>, <focus-ids@securityfocus.com>
Date: Tue, 3 May 2005 17:10:32 -0700

    Jason,

    Positioning IDS/IPS to the CxO level if very difficult, because the return
    is basically not realized until the product actually proves itself by
    preventing or detecting something significant. Things to bring up include:

    * Capital Cost: sensor(s), management software, additional hardware,
    maintenance
    * Operational Cost: installation, policy implementation,
    tuning/analysis, software/hardware updates, monitoring, remote management,
    personal, etc.
    * Business Benefit
            - Cost of not detecting/preventing attacks (risk)
            - Cost of downtime including manpower and disruption in
    business/productivity
            - Attack recovery cost

     Risk, in this case, is defined as a measurement of uncertainty around a
    given investment in technology. Uncertainty is measured from several
    perspectives: one is the likelihood that he technoogy will not perform as
    expected. This impacts cost and benefit estimates by potentially reducing
    the benefits that will ultimately be achieved as well as increasing the
    costs of the investment. Second, lack of accountability and incentive to
    measure the success of the investment, particularly enterprise wide
    benefits, will ultimately result in lack of a demonstrated return.

     I like to use the auto insurance scenario, because it's something that we
    don't see any return on unless something happens, then we ultimately need
    it.

    I have more information and example spreadsheets on how to calculate capital
    cost, operational cost, and benefits if you would like a copy. You also may
    want to consider investing your money in IPS, rather than IDS. The majority
    of IPS products today can still be used as an IDS, however, you have the
    option of going in-line and blocking attacks rather than just detecting,
    which will go further. McAfee IntruShield, TippingPoint UnityOne, ISS
    RealSecure, NitroSecurity, and others are well worth the investment.

    -Ed
    760-687-6768
    ed@digitalconclave.com
    IPS Experts

     

    -----Original Message-----
    From: Jason Patel [mailto:patel1210@yahoo.com]
    Sent: Tuesday, May 03, 2005 11:15 AM
    To: focus-ids@securityfocus.com
    Subject: Value of IDS, ROI

    I was wondering how big companies CIO show their executives Return of
    investment on IDS. What is the monitoring strategy for IDS alerts. I am
    trying to figure monitoring strategy and how to show my executive that how
    important job this is, but cant come up with a convincing solution. Anyhelp
    is highly appreciated.

    Thanks,

    Jason

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from CORE
    IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------

  • Next message: Bob Huber: "Re: Value of IDS, ROI"
    • Quantcast