IDS mailing list archives

RE: Recent anti-NIDS Gartner article

From: "Reverman, Peter C" <peter.c.reverman () intel com>
Date: Tue, 17 Jun 2003 10:41:50 -0700

Disclaimer:  My views are not the views of my company, etc., etc.
==================================================================
Because not everyone wants to spend the money on NIDS as they don't understand the value (loss prevented).  

This is the typical money allocation question, just like everyone has locks on their doors but far fewer have cameras, 
there will be only cameras installed (IDS's) where there is money budgeted (Unclear loss prevention - IDS have an 
unclear perception of value due to complexity) allocated but there will always be locks (firewalls - clear perception 
of loss prevention) because of perception they prevent loss.

IDS's provide proof of attack (proof of loss=$) which provides forensics for investigations which leads to actions in 
some cases that stop a problem (eliminated loss to the business.   

It is all about loss prevention and proof that attacks are happening now which now can be prevented (loss prevention).  

        ROI = (Loss Prevented) - (Cost of IDS system).

This formula indicates you better not spend more on IDS than the loss prevented to get positive ROI.

Calculating loss prevention is fairly easy using the many available examples (FBI study 2002) to show current losses 
being incurred around the globe.

Thanks, Peter


-----Original Message-----
From: Mike Blomgren [mailto:mike.blomgren () secode com]
Sent: Tuesday, June 17, 2003 9:27 AM
To: focus-ids () securityfocus com
Subject: RE: Recent anti-NIDS Gartner article


If IDS is the looser, and a firewall is the solution - then why do we
have surveillance cameras when we would be better off with good locks on
our doors? 



-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists.  See for yourself what the buzz is about!
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------

Current thread:

Recent anti-NIDS Gartner article Ron Gula (Jun 17)
- RE: Recent anti-NIDS Gartner article Mike Blomgren (Jun 17)
  - Re: Recent anti-NIDS Gartner article Stephen Samuel (Jun 18)
- Re: Recent anti-NIDS Gartner article nyec (Jun 17)
- Re: Recent anti-NIDS Gartner article Stephen P. Berry (Jun 18)
- <Possible follow-ups>
- RE: Recent anti-NIDS Gartner article Reverman, Peter C (Jun 17)
  - RE: Recent anti-NIDS Gartner article - BruteForce Security Robert J. Mehler (Jun 17)
    - Recent anti-NIDS Gartner article Srinivasa Rao Addepalli (Jun 18)
  - RE: Recent anti-NIDS Gartner article Jim Butterworth (Jun 18)
    - Re: Recent anti-NIDS Gartner article Michael Sierchio (Jun 18)
- Re: Recent anti-NIDS Gartner article Srinivasa Rao Addepalli (Jun 18)
  - Re: Recent anti-NIDS Gartner article Stephen Samuel (Jun 19)
    - Re: Recent anti-NIDS Gartner article Srinivasa Rao Addepalli (Jun 22)
  - RE: Recent anti-NIDS Gartner article Jim Butterworth (Jun 19)
- RE: Recent anti-NIDS Gartner article Hall, Andrew (DPRS) (Jun 19)
  - RE: Recent anti-NIDS Gartner article Paul Benedek (Jun 22)

(Thread continues...)