IDS mailing list archives
RE: Is IDS/IPS worthless?
From: "Oscar Kooijman" <oscar.kooijman () chello nl>
Date: Mon, 23 Feb 2004 12:02:52 +0100
Hi,

In my humble opinion, a lot of managers focus on the added $ value, but forget there is such a thing as not losing $ due to intrusions. Not to mention the image loss (negative image) due to lack of security.

I think there is no ONE technology which is going to take care of all our security issues; it's a combination of technologies.

So, IMHO IDS/IPS is far from dead.

Regards,
Oscar Kooijman
oscar[DOT]kooijman[AT]chello[DOT]nl

***-----Original Message-----
***From: Andrew Plato [mailto:aplato () anitian com]
***Sent: 20 February 2004 17:32
***To: focus-ids () securityfocus com
***Subject: Is IDS/IPS worthless?
***
***I've noticed something lately and I wonder if anybody else has experienced this. At a meeting recently, I was told by a number of people that IDS/IPS is a "worthless waste of IT resources" and "providing no real value to an organization."
***
***The speaker at this particular meeting challenged me to say "what business goals did the implementation of an IDS/IPS achieve?" I responded that an IDS gives insight to what is happening on a network and provides critical data to more effectively focus resources on real problems. An IPS builds a level of trust and protection from intrusions as well as insight into the function and behavior of a network. (Okay, it was a vanilla answer, I admit.)
***
***So this speaker then challenged me to come up with verifiable metrics. I replied that he would have to define what metrics he wants? What does he consider a "viable metric" for performance. He said "did they sell more products, make more money?" I replied "why is that the only metric that businesses can understand? A lot of complex things go into 'making money' and IT operations is a small part of that. Marketing, strategic vision, and many other factors have a much more profound impact on 'making money' than a single IT security solution. However, insight into operations and security is a critical component of IT. How do you know you have been broken into if you don't have any mechanisms to detect those intrusions? There is clear value in investment in locks and security cameras, why not have similar investments into the digital equivalents."
***
***This shut him up, for a while, but it highlighted a growing trend I am noticing. It seems like there are a lot of people with an agenda right now to shoot down the value of IPS/IDS technologies. IPS in particular seems to be painted as a "marketing ploy." I also hear the story "they bought an IDS and it just sat in a rack and did nothing" a lot (usually from people who don't even know what an IDS does.)
***
***What is happening here? Anybody have any idea why there is a growing "anti-IDS" attitude. Is it the failure of IDS to produce value in an organization? Is the Gartner "IDS is dead" report having THAT much effect on the industry? Are the IDS vendors victims of their own over-marketing? Am I a paranoid moron?
***
***I am curious to hear other people's ideas on and strategies for dealing with these objections.
***
***___________________________________
***Andrew Plato, CISSP
***President/Principal Consultant
***ANITIAN ENTERPRISE SECURITY
***
***3800 SW Cedar Hills Blvd, Suite 298
***Beaverton, OR 97005
***503-644-5656 Office
***503-214-8069 Fax
***503-201-0821 Mobile
***www.anitian.com
***___________________________________
***
***GPG fingerprint: 16E6 C5B0 B6CB F287 776E E9A9 AF47 9914 3582 633D
***GPG public key available at: http://www.anitian.com/corp/keys.htm