IDS mailing list archives
Re: ROI on IDS/IPS products
From: sant-bar () dsv su se
Date: Fri, 27 Feb 2009 19:07:40 +0000
What about a risk-based approach for justifying a security investment? Even in cases when a quantitative risk assessment approach is not possible I find qualitative approach (if effective) can be good enough. Any thoughts? It is quite weird for me to see that a telecom is not mature enough vis-a-vis security. Personally I worked for one back in 2004 and I think it was quite ahead at the time. Cheers, Santiago ------Original Message------ From: Jeremy Walczak Sender: listbounce () securityfocus com To: Ravi Chunduru To: Focus IDS Subject: Re: ROI on IDS/IPS products Sent: 27 Feb 2009 19:47 Interesting paper from SANS. Link below. It in part discusses why there is no such thing as ROI for security spending, and instead tries to focus the decision on either an "investment" or "goal" based justification. Perhaps the paper would help to generate ideas on other ways to sell the investment to the company. http://www.sans.org/reading_room/whitepapers/dlp/rss/the_business_justification_for_data_security_33033 Jeremy
Ravi Chunduru <ravi.is.chunduru () gmail com> 2/27/2009 12:08 PM >>>
I was talking to a junior security administartor working for a big telecom company. He said something which is worrying. After few years of IPS deployment in particular department, they decided to remove IPS devices. It was felt that they did not find enough ROI to justify 2 dedicated personnel to monitor and analyze IDS/IPS logs and reports. It apperas that no major incidents were detected by network IPS devices. they felt that signature coverage is either poor or not timely. i also was told that these IPS devices are from industry leaders. Can you share your experiences? Any examples of successful detection and prevention of major attacks and penetration by IPS devices. Thanks Ravi
Current thread:
- ROI on IDS/IPS products Ravi Chunduru (Feb 27)
- Re: ROI on IDS/IPS products Jeff Kell (Feb 27)
- Re: ROI on IDS/IPS products Aaron Turner (Feb 27)
- Re: ROI on IDS/IPS products Martin Roesch (Feb 27)
- RE: ROI on IDS/IPS products Pete Lindstrom (Feb 27)
- <Possible follow-ups>
- Re: ROI on IDS/IPS products Jeremy Walczak (Feb 27)
- Re: ROI on IDS/IPS products sant-bar (Feb 27)
- Re: ROI on IDS/IPS products Jeff Kell (Feb 27)