Re: ROI on IDS/IPS products



On Fri, Feb 27, 2009 at 10:26 AM, Jeff Kell <jeff-kell@xxxxxxx> wrote:
"The day before a breach, the ROI is zero. The day after, it is
infinite."  -- Dennis Hoffman, RSA

Actually I'd argue that if you have an IPS and you're breached, then
the ROI is likely negative.

Honestly, there are so many variables that go into the ROI (what
product, it's quality, your risk profile, your baseline network
traffic, etc) that saying because some other random company didn't
find any value that you won't either is overly simplistic. How and
where you deploy an IPS can dramatically affect the ROI.

Of course, since resources aren't infinite there may be other things
you can do which have a higher ROI then deploying/managing an IPS.

--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little
temporary Safety,
deserve neither Liberty nor Safety.
-- Benjamin Franklin