IDS mailing list archives
RE: Value of IDS, ROI
From: "Ed Gibbs" <ed () digitalconclave com>
Date: Tue, 3 May 2005 17:10:32 -0700
Jason, Positioning IDS/IPS to the CxO level if very difficult, because the return is basically not realized until the product actually proves itself by preventing or detecting something significant. Things to bring up include: * Capital Cost: sensor(s), management software, additional hardware, maintenance * Operational Cost: installation, policy implementation, tuning/analysis, software/hardware updates, monitoring, remote management, personal, etc. * Business Benefit - Cost of not detecting/preventing attacks (risk) - Cost of downtime including manpower and disruption in business/productivity - Attack recovery cost Risk, in this case, is defined as a measurement of uncertainty around a given investment in technology. Uncertainty is measured from several perspectives: one is the likelihood that he technoogy will not perform as expected. This impacts cost and benefit estimates by potentially reducing the benefits that will ultimately be achieved as well as increasing the costs of the investment. Second, lack of accountability and incentive to measure the success of the investment, particularly enterprise wide benefits, will ultimately result in lack of a demonstrated return. I like to use the auto insurance scenario, because it's something that we don't see any return on unless something happens, then we ultimately need it. I have more information and example spreadsheets on how to calculate capital cost, operational cost, and benefits if you would like a copy. You also may want to consider investing your money in IPS, rather than IDS. The majority of IPS products today can still be used as an IDS, however, you have the option of going in-line and blocking attacks rather than just detecting, which will go further. McAfee IntruShield, TippingPoint UnityOne, ISS RealSecure, NitroSecurity, and others are well worth the investment. -Ed 760-687-6768 ed () digitalconclave com IPS Experts -----Original Message----- From: Jason Patel [mailto:patel1210 () yahoo com] Sent: Tuesday, May 03, 2005 11:15 AM To: focus-ids () securityfocus com Subject: Value of IDS, ROI I was wondering how big companies CIO show their executives Return of investment on IDS. What is the monitoring strategy for IDS alerts. I am trying to figure monitoring strategy and how to show my executive that how important job this is, but cant come up with a convincing solution. Anyhelp is highly appreciated. Thanks, Jason -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Value of IDS, ROI Jason Patel (May 03)
- RE: Value of IDS, ROI Ed Gibbs (May 03)
- Re: Value of IDS, ROI Vladimir Vuksan (May 03)
- Re: Value of IDS, ROI Bamm Visscher (May 04)
- RE: Value of IDS, ROI Eric Hines (May 06)
- Re: Value of IDS, ROI Bamm Visscher (May 06)
- RE: Value of IDS, ROI Pete Lindstrom (May 06)
- RE: Value of IDS, ROI Eric Hines (May 06)
- <Possible follow-ups>
- Re: Value of IDS, ROI Bob Huber (May 03)
- RE: Value of IDS, ROI Angel L Rivera (May 04)
- Re: Value of IDS, ROI Jason Patel (May 06)
- RE: Value of IDS, ROI John Forristel (SunGard-Chico) (May 06)
- Re: Value of IDS, ROI Chris Byrd (May 06)
(Thread continues...)