IDS mailing list archives
RE: Is IDS/IPS worthless?
From: "Matthew L. McGuirl" <mmcguirl () lucidsecurity com>
Date: Mon, 23 Feb 2004 10:56:08 -0500
Andrew posed a very interesting and vital question last Friday. The problems he referred to, the sometimes doubtful value of having an IDS and the common misunderstanding of what IDS are supposed to do, are caused by marketing and buyer education programs that did not properly educate the people who are now questioning the value of these technologies. Most IDS buyers did not sufficiently appreciate the amount of resources, both human and technological, one needs to devote to an IDS to derive any value from it. After all, what good is a mountain of event data (much of it resource-draining false positives) if there is no easy and inexpensive way to extract meaningful data that the organization's IT staff can act on? The fact that most IDS customers need additional tools to find the very few events per day that they care about from the thousands or millions their IDS generates is an indicator that IDS is not a tool most companies actually want.

My experience in helping to bring ipANGEL to the market over the past 2 years has taught me that what most people interested in IDS want is a tool that only tells them about relevant attacks against vulnerable hosts. While the industry is bringing to market tools that come close to meeting this need, mainstream IDS tools do not do that. Similarly, I've found that IPS buyers want the same things but are looking for a tool that intercepts legitimate, relevant attacks before the attack can succeed.

It's been said that the definition of security is a non-event. However, preventing successful attacks against vulnerable applications & operating systems delivers very meaningful financial results each and every time it happens. The critics of IDS/IPS seldom are aware of the value of the assets their security staff is charged with protecting. Even in cases where the prospect I'm dealing with is ignorant of these critical metrics, I've found that when you explain that each relevant attack that gets blocked translates directly into IT assets that are continuously available and secure. Preventing a scenario like Blaster will save the average enterprise loads of money and even non-technical managers know that by now.

Matt

Matt McGuirl
Lucid Security Corporation
Email: mmcguirl at lucidsecurity.com
Voice: 215-371-3300 ext. 371