Re: ROI on IDS/IPS products

From: Aaron Turner <synfinatic@xxxxxxxxx>
Date: Fri, 27 Feb 2009 12:29:17 -0800

On Fri, Feb 27, 2009 at 10:26 AM, Jeff Kell <jeff-kell@xxxxxxx> wrote:

"The day before a breach, the ROI is zero. The day after, it is
infinite." -- Dennis Hoffman, RSA

Actually I'd argue that if you have an IPS and you're breached, then
the ROI is likely negative.

Honestly, there are so many variables that go into the ROI (what
product, it's quality, your risk profile, your baseline network
traffic, etc) that saying because some other random company didn't
find any value that you won't either is overly simplistic. How and
where you deploy an IPS can dramatically affect the ROI.

Of course, since resources aren't infinite there may be other things
you can do which have a higher ROI then deploying/managing an IPS.

--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little
temporary Safety,
deserve neither Liberty nor Safety.
-- Benjamin Franklin

References:
- ROI on IDS/IPS products
  - From: Ravi Chunduru
- Re: ROI on IDS/IPS products
  - From: Jeff Kell

Prev by Date: RE: ROI on IDS/IPS products
Next by Date: Re: ROI on IDS/IPS products
Previous by thread: Re: ROI on IDS/IPS products
Next by thread: Re: ROI on IDS/IPS products
Index(es):
- Date
- Thread

Relevant Pages

Re: IPS, alternative solutions
... I think we can all agree that IPS is no replacement for Patch ... My point is that there is no demonstrable ROI that I have ... > Scott, to answer your question on cost effective, perhaps IPS will more than ...
(Focus-IDS)
Re: ROI on IDS/IPS products
... there is no such thing as ROI for security spending, ... justification. ... remove IPS devices. It was felt that they did not find enough ROI to ...
(Focus-IDS)