Re: Value of IDS, ROI

From: Bamm Visscher (bamm.visscher_at_gmail.com)
Date: 05/04/05

  • Next message: Seek Knowledge: "Router/Switches and viruses" 
    Date: Wed, 4 May 2005 08:44:18 -0500
To: Jason Patel <patel1210@yahoo.com>

    There is no calculating ROI for security (including IDS) [0]. A CIO
    should be able to understand that. Security is about mitigating loss,
    much like insurance. You should focus on explaining how your IDS
    implementation will help protect the investment your company has made
    in IT. An IDS should provide early warnings of a compromise and other
    security events. It will also help you quickly determine the scope of
    the event, escalate the activity to the correct departments, and the
    data gathered will make the remediation effort more efficient.

    Bammkkkk

    [0] http://taosecurity.blogspot.com/2004/04/calculating-security-roi-is-waste-of.html

    On 3 May 2005 18:15:19 -0000, Jason Patel <patel1210@yahoo.com> wrote:
    >
    >
    > I was wondering how big companies CIO show their executives Return of investment on IDS. What is the monitoring strategy for IDS alerts. I am trying to figure monitoring strategy and how to show my executive that how important job this is, but cant come up with a convincing solution. Anyhelp is highly appreciated.
    >
    > Thanks,
    >
    > Jason
    >
    > --------------------------------------------------------------------------
    > Test Your IDS
    >
    > Is your IDS deployed correctly?
    > Find out quickly and easily by testing it with real-world attacks from
    > CORE IMPACT.
    > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    > to learn more.
    > --------------------------------------------------------------------------
    >
    > 

    -- 
sguil - The Analyst Console for NSM
http://sguil.sf.net
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
  • Next message: Seek Knowledge: "Router/Switches and viruses"

    Relevant Pages

    • RE: IDS and Spywares
      ... > a network based security control has better visibility than a host based ... Just as we do in IDS and network traffic analysis. ... > made spyware, or trojan, or any other kind of malware where you can install ...
      (Focus-IDS)
    • RE: Recommending an IDS system
      ... Not trying to make this a Cisco commercial, but I too am very satisfied with Cisco. ... We implemented an IDSM2, sensor device, and Cisco Security Agent for Host Intrusion Prevention. ... Subject: Recommending an IDS system ...
      (Security-Basics)
    • Re: Is IDS/IPS worthless?
      ... >>firewall instead of in front of it should BOTH ... >>fill in the gap left by the false sense of security firewalls give (a ... >IDS technology and I certainly believe in the usefullness of IDS. ... that is confusing IDS and NIDS together. ...
      (Focus-IDS)
    • Re: Firewalls (was Re: IDS evaluations procedures)
      ... aims of security vendors over the last few years has been minimising ... One of the reasons that the reputation of IDS suffered (and maybe why ... I suggest we drop IPS from the nomenclature. ... > with real-world attacks from CORE IMPACT. ...
      (Focus-IDS)
    • RE: Firewalls (was Re: IDS evaluations procedures)
      ... but having setup security systems ... And of course many of the early IDS problems burned a lot of people (too ... Struggling / What's after firewalls? ... expertise to this approach, be it for one set of tools or everything. ...
      (Focus-IDS)