Re: ROI on IDS/IPS products



On Fri, Feb 27, 2009 at 10:26 AM, Jeff Kell <jeff-kell@xxxxxxx> wrote:
"The day before a breach, the ROI is zero. The day after, it is
infinite."  -- Dennis Hoffman, RSA

Actually I'd argue that if you have an IPS and you're breached, then
the ROI is likely negative.

Honestly, there are so many variables that go into the ROI (what
product, it's quality, your risk profile, your baseline network
traffic, etc) that saying because some other random company didn't
find any value that you won't either is overly simplistic. How and
where you deploy an IPS can dramatically affect the ROI.

Of course, since resources aren't infinite there may be other things
you can do which have a higher ROI then deploying/managing an IPS.

--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little
temporary Safety,
deserve neither Liberty nor Safety.
-- Benjamin Franklin



Relevant Pages

  • Re: IPS, alternative solutions
    ... I think we can all agree that IPS is no replacement for Patch ... My point is that there is no demonstrable ROI that I have ... > Scott, to answer your question on cost effective, perhaps IPS will more than ...
    (Focus-IDS)
  • Re: ROI on IDS/IPS products
    ... there is no such thing as ROI for security spending, ... justification. ... remove IPS devices.  It was felt that they did not find enough ROI to ...
    (Focus-IDS)