IDS mailing list archives
RE: Recent anti-NIDS Gartner article
From: "Jim Butterworth" <res0qh1m () verizon net>
Date: Tue, 17 Jun 2003 11:47:59 -0700
I think an IDS is a lot like an insurance policy. Think of it like this: it, in theory, is a great solution to the growing information security threats and trends. But an IDS is not a panacea. It is not something that can fairly be measured for ROI. How do you justify ROI every month when you pay auto insurance and never ever have an accident? What about the deductible that you have to pay anyway when you need to make a claim? All's I can say to that is, when you need it, it'd better be good coverage!

How will you find out what is going on internal to your network if you don't use an IDS? A firewall will only stop a packet it knows of, and that is at the border of your network. What about the insider threat? What about a concept that watches those with the "keys" to the company? Wouldn't it be better to park an IDS on the company's "crown jewels" server than try and design a firewall solution to protect the machine? Sure, you can do both, but wouldn't it be really cool to be able to tell the CEO who internally was trying to gain access to the corporate secrets? That is money, to me...

r/Jim Butterworth

-----Original Message-----
From: Reverman, Peter C [mailto:peter.c.reverman () intel com]
Sent: Tuesday, June 17, 2003 10:42 AM
To: Mike Blomgren; focus-ids () securityfocus com
Subject: RE: Recent anti-NIDS Gartner article

Disclaimer: My views are not the views of my company, etc., etc.
==================================================================

Because not everyone wants to spend the money on NIDS as they don't understand the value (loss prevented). This is the typical money allocation question, just like everyone has locks on their doors but far fewer have cameras, there will be only cameras installed (IDS's) where there is money budgeted (Unclear loss prevention - IDS have an unclear perception of value due to complexity) allocated but there will always be locks (firewalls - clear perception of loss prevention) because of perception they prevent loss.
IDS's provide proof of attack (proof of loss=$) which provides forensics for investigations which leads to actions in some cases that stop a problem (eliminated loss to the business). It is all about loss prevention and proof that attacks are happening now which now can be prevented (loss prevention).

ROI = (Loss Prevented) - (Cost of IDS system).

This formula indicates you better not spend more on IDS than the loss prevented to get positive ROI. Calculating loss prevention is fairly easy using the many available examples (FBI study 2002) to show current losses being incurred around the globe.

Thanks,
Peter

-----Original Message-----
From: Mike Blomgren [mailto:mike.blomgren () secode com]
Sent: Tuesday, June 17, 2003 9:27 AM
To: focus-ids () securityfocus com
Subject: RE: Recent anti-NIDS Gartner article

If IDS is the loser, and a firewall is the solution - then why do we have surveillance cameras when we would be better off with good locks on our doors?

-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------