RE: Testimonials on IDS

["Ross, George" <george.ross () atlahq org>]

I wanted to get on my soap box for this one Willie but long story short.
Shame on you.  I go through the same thing with my employees, asking
them to justify and they rarely can.  We can offer suggestions here
about what you should tell them but based on your environment you should
be able to tell what benefits is brought to your company up to this
point.  Not only that it depends on how your IDS has been implemented
(we don't get the benefit on the comment below because of our firewall
structure) and which IDS you have.  

With that said, a major justification for your company may be worms,
trojans and other code pass through packets that a normal virus
detection software could not catch either because it is waiting for a
signature file update or it just doesn't look for SQL slammer, etc. type
worms.  Remember to focus on tiered structure when speaking with
management about these issue, IDS is a first line defense, next is the
firewall, etc, etc.

-----Original Message-----
From: Eric Hines [mailto:eric.hines () appliedwatch com] 
Sent: Monday, June 07, 2004 11:41 AM
To: 'willie domingo'; focus-ids () securityfocus com
Subject: RE: Testimonials on IDS


Willie,

I used to do a large amount of consulting before I started Applied Watch
and can provide a testimonial. Not only can IDS' be used for real-time
detection, but they can also operate as an incredible post-mortem tool
for finding and locating worm compromised hosts. In the consulting gig I
was on recently, I used their IDS' to find and locate Sasser infected
machines so we knew exactly which machines were infected so we could get
them cleaned and patched. IDS' also offer an awesome post-mortem tool
when a worm outbreak has occurred. Hope this helps.


Best Regards,

Eric Hines, GCIA
CEO, President
Applied Watch Technologies, Inc.
4204 Commercial Way
Glenview, IL 60025
Direct: (877) 262-7593 x327 
Fax: (877) 262-7593
http://www.appliedwatch.com



-----Original Message-----
From: willie domingo [mailto:wedomingo () hotmail com] 
Sent: Sunday, June 06, 2004 8:25 PM
To: focus-ids () securityfocus com
Subject: Testimonials on IDS

Hi List,

I am having a problem getting the budget for upgrading the signature of
my IDS.  One of the requirements being asked of me is to produce
testimonials from IDS users of the benefit derived from having it.  We
have already asked our vendor to provide such but these were only
branded as salesmanthing.  
What they want are experiences from security people and not the vendor.

What I need is a real life experience on having IDS.  What were the
security issues that you were able to address and how did IDS help you
on this?  
Aside from detecting intrusions are there any other use of IDS for your
organization?

Thanks in advanced.

Willie

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail


------------------------------------------------------------------------
---

------------------------------------------------------------------------
---




------------------------------------------------------------------------
---

------------------------------------------------------------------------
---


---------------------------------------------------------------------------

---------------------------------------------------------------------------