IDS mailing list archives
Re: ROI on IDS/IPS products
From: aditya mukadam <aditya.mukadam () gmail com>
Date: Wed, 4 Mar 2009 18:25:06 +0530
It was felt that they did not find enough ROI to justify 2 dedicated personnel to monitor and analyze IDS/IPS logs and reports. It appears that no major incidents were detected by network IPS devices. I also was told that these IPS devices are from industry leaders.
I read the above with the below example: A residential building has a gate, wall and a few security personnel for safety against theft etc. In two years, there was no major theft or issues and hence the residents decided to remove the building gate and security personnel! Oh yes, the security guards were black cat commandos!

Your discussion with the security administrator was very interesting; however, it would be good to know:

1) How and where are the IPSs placed in the network?
2) What signature profile are they using for these IPSs? Many IPSs come with default settings for low detection.
3) Did they tune the IPSs as per their own requirements?
4) How often did they patch the IPSs?

Lastly, were the IPSs purchased because they were needed *or* was the company fooled into buying them, or did it have budget/policies/vendor commitment to buy them?

It all depends on what you are safeguarding! For example: A common man's residential building will have 1 security guard; however, the President's residence will have a range of security gadgets, various check points, and many, many security guards!!!

Thanks,
Aditya Govind Mukadam

On Fri, Feb 27, 2009 at 10:38 PM, Ravi Chunduru <ravi.is.chunduru () gmail com> wrote:
I was talking to a junior security administrator working for a big telecom company. He said something which is worrying. After a few years of IPS deployment in a particular department, they decided to remove the IPS devices. It was felt that they did not find enough ROI to justify 2 dedicated personnel to monitor and analyze IDS/IPS logs and reports. It appears that no major incidents were detected by network IPS devices. They felt that signature coverage is either poor or not timely. I also was told that these IPS devices are from industry leaders.

Can you share your experiences? Any examples of successful detection and prevention of major attacks and penetration by IPS devices?

Thanks
Ravi