Educause Security Discussion mailing list archives
Re: ROI on stateful and deep-packet-inspection firewalls
From: Seth Hall <seth () ICIR ORG>
Date: Fri, 3 Feb 2012 09:15:30 -0500
On Jan 31, 2012, at 4:16 PM, Andrew Daviel wrote:
> Do you see a big dropoff in downtime and trouble tickets, or extra work creating and tuning rules?
I would love to see the answers to this question in particular. My expectation is that downtime increases (solely due to increased inline complexity), trouble tickets remain fairly stable, and there is almost certainly going to be considerable time spent tuning rules but that's completely unavoidable.

For anyone that knows me I certainly can't pretend to not be biased, but a suggestion that I tend to give people with these questions is to pay attention to the benefits that the money you spend would provide you. Would your security analysts (incident hunters!) be able to understand the network better? Would they be able to respond to problems more quickly? Would it become a tool in their toolbox or would it become a box of magic?

.Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/