IDS mailing list archives

RE: Is IDS/IPS worthless?


From: "Fergus Brooks" <fergusb () evolve-online com>
Date: Tue, 24 Feb 2004 09:43:25 +0800


Interesting statistic I read in the South China Morning Post this morning is
that only 1.6% of companies surveyed in Hong Kong have IDS but ~45% have
firewalls. Most have at least 1.5meg DSL. The firewall stat is a large
increase over the last few years - IDS is little changed.

So either the value of IDS is not being discussed with companies or the
merits aren't apparent due to poor marketing etc.

It can be a scary acronym-filled technology for end-users and a lot of
businesses simply couldn't care less if someone goes poking around their
perimeter. A few perceptions I guess it is up to the consultants and
integrators to remedy.

Can anyone tell me what the IDS take-up stats relative to firewalls are like
in the US or Europe?

Rgds...


-----Original Message-----
From: Mike Lyman [mailto:mlyman-security () comcast net] 
Sent: Saturday, 21 February 2004 8:05 AM
To: focus-ids () securityfocus com
Subject: Re: Is IDS/IPS worthless?

On Fri, 2004-02-20 at 10:31, Andrew Plato wrote:
> So this speaker then challenged me to come up with verifiable metrics. 
> I replied that he would have to define what metrics he wants? What 
> does he consider a "viable metric" for performance.  He said "did they 
> sell more products, make more money?"  I replied "why is that the only 
> metric that

Standard security ROI question when security doesn't have an ROI unless
you're selling security. Do locks on the doors help you sell more product
(unless you sell locks) or sprinkler heads in the ceilings help you make
more money? 

> What is happening here?  Anybody have any idea why there is a growing 
> "anti-IDS" attitude. Is it the failure of IDS to produce value in an

I think most people approach IDS/IPS to stop hacking and to stop viruses and
worms and they just can't do that job 100%. You can throw all the resources
you want at IDS and it still won't be able to prevent all security breaches.
From that point of view, it's a bottomless pit. You can put in as many
sensors as you want and put as many people watching the data as you want and
you still won't stop everything.

There are realistic approaches and values for IDS/IPS to be had for a
reasonable investment. Unfortunately they are not marketed that way or
priced that way. (well for the most part they aren't priced that way) I
think too many have fallen for the marketing and reality has long since set
in. That may bring some reality to the marketing and the pricing.
--
Mike Lyman <mlyman-security () comcast net>

