RE: Value of IDS, ROI

THolman_at_toplayer.com
Date: 05/20/05

Next message: Siddharth Phadnis: "RE: IDS ISS"

Previous message: David DiGennaro: "Re: IDS ISS"
Maybe in reply to: Jason Patel: "Value of IDS, ROI"
Next in thread: Justin.Ross_at_signalsolutionsinc.com: "RE: Value of IDS, ROI"
Reply: Justin.Ross_at_signalsolutionsinc.com: "RE: Value of IDS, ROI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: patel1210@yahoo.com, focus-ids@securityfocus.com
Date: Thu, 19 May 2005 19:38:42 -0400

Hi Jason,

This is one of the big problems with IDS. Being detection-based technology,
IDS is only capable of detecting intrusions\worm\virus outbreaks, rather
than PREVENTING them.
What is the ROI of a detection-based system that alerts you to the fact
you're completely overrun by worm activity? Absolutely nothing. In fact,
if you are relying on IDS to protect you, you will face a negative ROI, as
by the time a zero-day attack gets past it, you will be losing money, even
more so if you've an online presence to protect.
Your CIO should ultimately be concerned in preventing attacks, rather than
detecting them, and you should steer his/her investments toward a good IPS
to compliment (and protect) existing IDS technology, and in some cases, do
away with IDS devices altogether, as they are simply not relevant in terms
of protection.

Regards,

Tim

-----Original Message-----
From: Jason Patel [mailto:patel1210@yahoo.com]
Sent: 03 May 2005 19:15
To: focus-ids@securityfocus.com
Subject: Value of IDS, ROI

I was wondering how big companies CIO show their executives Return of
investment on IDS. What is the monitoring strategy for IDS alerts. I am
trying to figure monitoring strategy and how to show my executive that how
important job this is, but cant come up with a convincing solution. Anyhelp
is highly appreciated.

Thanks,

Jason

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------

--------------------------------------------------------------------------
Test Your IDS

Next message: Siddharth Phadnis: "RE: IDS ISS"

Previous message: David DiGennaro: "Re: IDS ISS"
Maybe in reply to: Jason Patel: "Value of IDS, ROI"
Next in thread: Justin.Ross_at_signalsolutionsinc.com: "RE: Value of IDS, ROI"
Reply: Justin.Ross_at_signalsolutionsinc.com: "RE: Value of IDS, ROI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: IDS & Wireless Access Point Detection
... I'm not sure how a PCI card in infrastructure mode would do....I think that ... > integrating the logs generated by detecting a new AP into the IDS console. ... If I put my NIC in Infrastructure Mode, ...
(Focus-IDS)
RE: ssh and ids
... NAI Intrushield 2.1 version is capable of detecting and analysing encrypted data packets. ... Is there any IDS capable of isolating data it cannot read, ...
(Focus-IDS)
RE: IDS and Spywares
... no 100% fool proof method for detecting anything. ... Subject: IDS and Spywares ... Spyware detection through any ... > detected by an antivirus system and not by a network ...
(Focus-IDS)
RE: Did IDSes detect the SQL worm?
... Our IDS sensors were extremely effective in detecting this activity, ... especially during the early stages without any specific sigs for Slammer. ...
(Focus-IDS)
Re: Cisco IOS Shellcode - McAfee IPS Protection
... It depends on what they are detecting and/or blocking. ... CPUs used in various Cisco products and anomalies in protocols ... Test Your IDS ... with real-world attacks from CORE IMPACT. ...
(Focus-IDS)