IDS mailing list archives
RE: Recent anti-NIDS Gartner article - BruteForce Security
From: "Robert J. Mehler" <rmehler () bruteforcesecurity com>
Date: Tue, 17 Jun 2003 14:53:17 -0400
Like everything Gartner reports, its' analysis should be viewed as what they see, know and experience through their proprietary lens and metrics. I believe their comments are mixed reactions based on market indicators driving leaner technology teams resulting in rolled up functions as well as the basic fact that IDS-IPS is being commoditized and will eventually be integrated into existing Firewall - Perimeter environments. Second, the fact that security teams have not spent enough time selling defense of intellectual property and applications, has only caused management teams to see decreased value on even caring if people are viewing logs in the first place, let alone further investing into their perimeter, where business boundaries have outgrown the logical perimeter of companies. The key here is that the technology-security community may not be in touch with their management teams to engage them in a level of dialogue that would help them see values to security. Why should management care, they were killed with Y2K, then .COM over expenditures. The only synthesized technology vision out there for the most part apart from strategy VAR's are those defacto created by the product companies pushing product and backfilling solution. **Security teams need to see the world without 'perimeter' and operate in a dynamic-mobile sense where persistent security of Intellectual property and applications will provide the security for the types of things that corporations are caring more and more about each day. This is NOT call for getting rid of perimeter security, which would be rather impossible, but a more business oriented focus on centers of gravity - i.e. swarm theory of security. Those are my thoughts. Humbly and Respectfully, Robert J. Mehler Chief Information Officer (203) 761-9249 office (917) 495-7030 mobile (203) 761-0038 fax rmehler () bruteforcesecurity com http://www.bruteforcesecurity.com Information Security Architects and Integrators -----Original Message----- From: Reverman, Peter C [mailto:peter.c.reverman () intel com] Sent: Tuesday, June 17, 2003 1:42 PM To: Mike Blomgren; focus-ids () securityfocus com Subject: RE: Recent anti-NIDS Gartner article Disclaimer: My views are not the views of my company, etc., etc. ================================================================== Because not everyone wants to spend the money on NIDS as they don't understand the value (loss prevented). This is the typical money allocation question, just like everyone has locks on their doors but far fewer have cameras, there will be only cameras installed (IDS's) where there is money budgeted (Unclear loss prevention - IDS have an unclear perception of value due to complexity) allocated but there will always be locks (firewalls - clear perception of loss prevention) because of perception they prevent loss. IDS's provide proof of attack (proof of loss=$) which provides forensics for investigations which leads to actions in some cases that stop a problem (eliminated loss to the business. It is all about loss prevention and proof that attacks are happening now which now can be prevented (loss prevention). ROI = (Loss Prevented) - (Cost of IDS system). This formula indicates you better not spend more on IDS than the loss prevented to get positive ROI. Calculating loss prevention is fairly easy using the many available examples (FBI study 2002) to show current losses being incurred around the globe. Thanks, Peter -----Original Message----- From: Mike Blomgren [mailto:mike.blomgren () secode com] Sent: Tuesday, June 17, 2003 9:27 AM To: focus-ids () securityfocus com Subject: RE: Recent anti-NIDS Gartner article If IDS is the looser, and a firewall is the solution - then why do we have surveillance cameras when we would be better off with good locks on our doors? ---------------------------------------------------------------------------- --- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ---------------------------------------------------------------------------- --- ---------------------------------------------------------------------------- --- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com -------------------------------------------------------------------------------
Current thread:
- Recent anti-NIDS Gartner article Ron Gula (Jun 17)
- RE: Recent anti-NIDS Gartner article Mike Blomgren (Jun 17)
- Re: Recent anti-NIDS Gartner article Stephen Samuel (Jun 18)
- Re: Recent anti-NIDS Gartner article nyec (Jun 17)
- Re: Recent anti-NIDS Gartner article Stephen P. Berry (Jun 18)
- <Possible follow-ups>
- RE: Recent anti-NIDS Gartner article Reverman, Peter C (Jun 17)
- RE: Recent anti-NIDS Gartner article - BruteForce Security Robert J. Mehler (Jun 17)
- Recent anti-NIDS Gartner article Srinivasa Rao Addepalli (Jun 18)
- RE: Recent anti-NIDS Gartner article Jim Butterworth (Jun 18)
- Re: Recent anti-NIDS Gartner article Michael Sierchio (Jun 18)
- RE: Recent anti-NIDS Gartner article - BruteForce Security Robert J. Mehler (Jun 17)
- Re: Recent anti-NIDS Gartner article Srinivasa Rao Addepalli (Jun 18)
- Re: Recent anti-NIDS Gartner article Stephen Samuel (Jun 19)
- Re: Recent anti-NIDS Gartner article Srinivasa Rao Addepalli (Jun 22)
- RE: Recent anti-NIDS Gartner article Jim Butterworth (Jun 19)
- Re: Recent anti-NIDS Gartner article Stephen Samuel (Jun 19)
- RE: Recent anti-NIDS Gartner article Hall, Andrew (DPRS) (Jun 19)
- RE: Recent anti-NIDS Gartner article Paul Benedek (Jun 22)
- Re: Recent anti-NIDS Gartner article Richard Ginski (Jun 19)
- RE: Recent anti-NIDS Gartner article Mike Blomgren (Jun 17)