IDS mailing list archives

Re: Testimonials on IDS


From: James Riden <j.riden () massey ac nz>
Date: Thu, 10 Jun 2004 08:37:17 +1200

"Ross, George" <george.ross () atlahq org> writes:

I wanted to get on my soap box for this one Willie but long story short.
Shame on you.  I go through the same thing with my employees, asking
them to justify and they rarely can.  We can offer suggestions here
about what you should tell them but based on your environment you should
be able to tell what benefits are brought to your company up to this
point.  Not only that, it depends on how your IDS has been implemented
(we don't get the benefit on the comment below because of our firewall
structure) and which IDS you have.

With that said, a major justification for your company may be worms,
trojans and other code passing through in packets that a normal virus
detection software could not catch either because it is waiting for a
signature file update or it just doesn't look for SQL Slammer, etc. type
worms.  Remember to focus on tiered structure when speaking with
management about these issues; IDS is a first line defense, next is the
firewall, etc, etc.

Personally, I classify the firewall as defence (prevention), and IDS
and AV software as "detection and response".

A testimonial? It was much easier to get approval to buy two further
sensors than it was to buy the first one :) It has been invaluable in
tracking malicious activity in our internal network, including Sasser,
Blaster, Welchia and some cracking attempts.

Seriously, you need to have some measures in place for *when* you get
compromised. It will happen eventually on any reasonably sized network
and if you haven't thought about it, you will find it harder to track
down what's gone wrong and to fix it.

-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
GPG public key available at: http://www.massey.ac.nz/~jriden/
This post does not necessarily represent the views of my employer.
