IDS mailing list archives

RE: Is IDS/IPS worthless?

From: "Oscar Kooijman" <oscar.kooijman () chello nl>
Date: Mon, 23 Feb 2004 12:02:52 +0100

Hi,
In my humble opinion, a lot of managers focus on the added $ value.
But forget there is something as not losing $, due to intrusions.
Not to mention the image loss (negative image) due to lack of security.
I think there is no ONE technology witch is going to take care of all our
security issue's, it's a combination of technology's.

So, IMHO IDS/IPS is far from dead.

Regards.
Oscar Kooijman
oscar[DOT]kooijman[AT]chello[DOT]nl
 

***-----Original Message-----
***From: Andrew Plato [mailto:aplato () anitian com] 
***Sent: 20 February 2004 17:32
***To: focus-ids () securityfocus com
***Subject: Is IDS/IPS worthless? 
***
***
***I've noticed something lately and I wonder if anybody else 
***has experienced this. At a meeting recently, I was told by a 
***number of people that IDS/IPS is a "worthless waste of IT 
***resources" and "providing no real value to an organization." 
*** The speaker at this particular meeting challenged me to say 
***"what business goals did the implementation of an IDS/IPS 
***achieve?"  I responded that an IDS gives insight to what is 
***happening on a network and provides critical data to more 
***effectively focus resources on real problems. An IPS builds 
***a level of trust and protection from intrusions as well as 
***insight into the function and behavior of a network. (Okay, 
***it was a vanilla answer, I
***admit.)
*** 
***So this speaker then challenged me to come up with 
***verifiable metrics. I replied that he would have to define 
***what metrics he wants? What does he consider a "viable 
***metric" for performance.  He said "did they sell more 
***products, make more money?"  I replied "why is that the only 
***metric that businesses can understand?  A lot of complex 
***things go into 'making money' and IT operations is a small 
***part of that. Marketing, strategic vision, and many other 
***factors have a much more profound impact on 'making money' 
***than a single IT security solution. However, insight into 
***operations and security is a critical component of IT. How 
***do you know you have been broken into if you don't have any 
***mechanisms to detect those intrusions? There is clear value 
***in investment in locks and security cameras, why not have 
***similar investments into the digital equivalents."  
*** 
***This shut him up, for a while, but it highlighted a growing 
***trend I am noticing. It seems like there are a lot of people 
***with an agenda right now to shoot down the value of IPS/IDS 
***technologies. IPS in particular seems to be painted as a 
***"marketing ploy."  I also hear the story "they bought and 
***IDS and it just sat in a rack and did nothing"  a lot 
***(usually from people who don't even know what an IDS does.) 
*** 
***What is happening here?  Anybody have any idea why there is 
***a growing "anti-IDS" attitude. Is it the failure of IDS to 
***produce value in an organization? Is the Gartner "IDS is 
***dead" report having THAT much affect on the industry?  Are 
***the IDS vendors victims of their own over-marketing?  Am I a 
***paranoid moron? 
*** 
***I am curious to hear other people's ideas on and strategies 
***for dealing with these objections. 
*** 
*** 
***___________________________________
***Andrew Plato, CISSP
***President/Principal Consultant
***ANITIAN  ENTERPRISE  SECURITY
***
***3800 SW Cedar Hills Blvd, Suite 298
***Beaverton, OR 97005
***503-644-5656 Office
***503-214-8069 Fax
***503-201-0821 Mobile
***www.anitian.com
***___________________________________
***
***GPG fingerprint: 16E6 C5B0 B6CB F287 776E E9A9 AF47 9914 
***3582 633D GPG public key available at: 
***http://www.anitian.com/corp/keys.htm 
***
***-------------------------------------------------------------
***--------------
***Free trial: Astaro Security Linux -- firewall with 
***Spam/Virus Protection
***
***Protect your network with the comprehensive security 
***solution that integrates six applications for ease of use 
***and lower TCO.
***
***Firewall - Virus protection - Spam protection - URL blocking - VPN
***- Wireless security.
***
***Download 30-day evaluation at:
***http://www.securityfocus.com/sponsor/Astaro_focus-ids_040219
***-------------------------------------------------------------
***--------------
***
***

Attachment: smime.p7s
Description:

Current thread:

Re: Is IDS/IPS worthless?, (continued)
- - Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
    - Re: Is IDS/IPS worthless? Olaf Gellert (Feb 23)
    - Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
    - Re: Is IDS/IPS worthless? Xiaoyong Wu (Feb 24)
    - Re: Is IDS/IPS worthless? Michael Stone (Feb 25)
  - Re: Is IDS/IPS worthless? Mike Hoskins (Feb 23)
- Re: Is IDS/IPS worthless? Pablo Scherer (Feb 23)
- RE: Is IDS/IPS worthless? Wolfpaw - Dale Corse (Feb 23)
- Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
  - RE: Is IDS/IPS worthless? Martin (Feb 23)
- RE: Is IDS/IPS worthless? Oscar Kooijman (Feb 24)
- RE: Is IDS/IPS worthless? Bob Walder (Feb 23)
- RE: Is IDS/IPS worthless? Bénoni MARTIN (Feb 23)
- RE: Is IDS/IPS worthless? Jeff McLaughlin (Feb 23)
- RE: Is IDS/IPS worthless? Matthew L. McGuirl (Feb 23)
- RE: Is IDS/IPS worthless? Robert Jackson (Feb 23)
- RE: Is IDS/IPS worthless? Cure, Samuel J (Feb 23)
- Re: Is IDS/IPS worthless? Webb Wang CS (Feb 23)
- RE: Is IDS/IPS worthless? DeGennaro, Gregory (Feb 23)
- RE: Is IDS/IPS worthless? Matthew L. McGuirl (Feb 23)
- RE: Is IDS/IPS worthless? Bell, Gregory (ISS Atlanta) (Feb 23)

(Thread continues...)