IDS mailing list archives

RE: Recent anti-NIDS Gartner article - BruteForce Security


From: "Robert J. Mehler" <rmehler () bruteforcesecurity com>
Date: Tue, 17 Jun 2003 14:53:17 -0400

Like everything Gartner reports, its analysis should be viewed as what they
see, know and experience through their proprietary lens and metrics.  I
believe their comments are mixed reactions based on market indicators
driving leaner technology teams resulting in rolled up functions as well as
the basic fact that IDS-IPS is being commoditized and will eventually be
integrated into existing Firewall - Perimeter environments.

Second, the fact that security teams have not spent enough time selling 
defense of intellectual property and applications, has only caused 
management teams to see decreased value on even caring if people are viewing
logs in the first place, let alone further investing into their perimeter,
where business boundaries have outgrown the logical perimeter of companies.

The key here is that the technology-security community may not be in touch
with their management teams to engage them in a level of dialogue that would
help them see values to security.  Why should management care, they were
killed with Y2K, then .COM over expenditures.  The only synthesized
technology vision out there for the most part apart from strategy VARs are
those de facto created by the product companies pushing product and
backfilling solution.

**Security teams need to see the world without 'perimeter' and operate in 
a dynamic-mobile sense where persistent security of Intellectual 
property and applications will provide the security for the types of 
things that corporations are caring more and more about each day.  This is
NOT a call for getting rid of perimeter security, which would be rather
impossible, but a more business oriented focus on centers of gravity - i.e.
swarm theory of security.

Those are my thoughts.

Humbly and Respectfully,

Robert J. Mehler
Chief Information Officer

(203) 761-9249 office
(917) 495-7030 mobile
(203) 761-0038 fax
rmehler () bruteforcesecurity com
http://www.bruteforcesecurity.com
Information Security Architects and Integrators 


-----Original Message-----
From: Reverman, Peter C [mailto:peter.c.reverman () intel com] 
Sent: Tuesday, June 17, 2003 1:42 PM
To: Mike Blomgren; focus-ids () securityfocus com
Subject: RE: Recent anti-NIDS Gartner article

Disclaimer:  My views are not the views of my company, etc., etc.
==================================================================
Because not everyone wants to spend the money on NIDS as they don't
understand the value (loss prevented).  

This is the typical money allocation question, just like everyone has locks
on their doors but far fewer have cameras, there will be only cameras
installed (IDS's) where there is money budgeted (Unclear loss prevention -
IDS have an unclear perception of value due to complexity) allocated but
there will always be locks (firewalls - clear perception of loss prevention)
because of perception they prevent loss.

IDS's provide proof of attack (proof of loss=$) which provides forensics for
investigations which leads to actions in some cases that stop a problem
(eliminated loss to the business).

It is all about loss prevention and proof that attacks are happening now
which now can be prevented (loss prevention).  

        ROI = (Loss Prevented) - (Cost of IDS system).

This formula indicates you better not spend more on IDS than the loss
prevented to get positive ROI.

Calculating loss prevention is fairly easy using the many available examples
(FBI study 2002) to show current losses being incurred around the globe.

Thanks, Peter


-----Original Message-----
From: Mike Blomgren [mailto:mike.blomgren () secode com]
Sent: Tuesday, June 17, 2003 9:27 AM
To: focus-ids () securityfocus com
Subject: RE: Recent anti-NIDS Gartner article


If IDS is the loser, and a firewall is the solution - then why do we
have surveillance cameras when we would be better off with good locks on
our doors? 



-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists.  See for yourself what the buzz is about!
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------
