Re: lots of monkeys staring at a screen....security?

[liquidfish <liquidfish () gmail com>]

There is another value that IDS can afford a business which has not yet been
discussed in this thread. I agree 100% with the previous comments on the
worth (or lack thereof) of an IDS in catching and responding to attacks in
progress.

However, there is value in trending from the alerts of an IDS. By monitoring
and trending what types of attacks your network sees the most of, and which
parts of the network have the higher number of attacks, you can begin to
understand where your focus for future security projects should be and help
decide what types of things should be budgeted for. I will agree that in
many cases these things should already be obvious and you shouldn't need an
IDS to tell you them, but there are cases where many admins are surprised
when they start paying attention and see what is really going on, as opposed
to what they assumed was going on. Additionally, generating pretty graphs
from IDS alert trending to present to upper management can often help them
understand the need to budget for things you already know need to be taken
care of. See a lot of web application attacks? Show management the numbers
and finally get that budget set aside to send the web developers to some
secure programming training etc.

IDS can provide value, peoples (more often than not, managements)
expectations of what that value is just needs to catch up with reality.


-fish

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave