IDS mailing list archives
RE: Value of IDS, ROI
From: "Eric Hines" <eric.hines () appliedwatch com>
Date: Thu, 5 May 2005 08:58:29 -0500
Visscher,

I completely disagree with you. ROI can and should be calculated in the acquisition of any security solution, INCLUDING IDS. Your very argument is contradictory to what you're saying, as the early warning of a compromise and making the IT security department more efficient is the very definition of ROI. Let me define it for you: Return on Investment is calculating returns on the investment made in a particular item or person. ROI should be used when evaluating the purchase of any solution. My employees' time is money; wasted time equals a loss in money. If they can save 4-8 hours when investigating an incident at $250.00/hr == $2,000 and my security solution cost $800, I've made $1,200 back in ROI.

There are many instances in which ROI has been realized. For example:

1) An IPS stopping a worm at the perimeter of a network, preventing widespread infection. A company calculating the costs from a previous worm outbreak can easily calculate ROI on the purchase of their IPS.

2) A recent incident I was responding to whereupon a company was able to begin shipping product after being down only a few hours rather than all day. If they would have been down all day, this lab wouldn't have been able to ship over $4 million in product. That solution only cost them $12K. That's a $3.9 million realized ROI.

There are too many real world situations of ROI realized on the purchase of security solutions rather than referencing an opinionated BLOG post made by Richard on Tao Security. Why do you keep referencing it anyway, is it because he reviewed Sguil in the Tao book?

Jason, one of the many answers to your question would be to find out how much time the IDS has saved you in centralizing all of the alerts on your network, sped up the response time to real incidents, and reduced wasted time in investigating false positives. Take that time and multiply it by your hourly rate; this is one of many formulas you can use in calculating the ROI for the purchase of your IDS.
Several ROI formulas exist out there. Just google some. Here is one I just found.

http://searchcio.techtarget.com/ateQuestionNResponse/0,289625,sid19_cid568335_tax292624,00.html

"Do you have any simple ROI formulas that utilize Excel?
This question posed on 20 January 2004

The base ROI formula, which can easily be plugged into Excel, is:

(benefits - cost) / benefits * 100 percent

The benefits and costs are the cumulative of all benefits over the analysis period -- typically three to five years for any IT project, but no longer. Of course, the details on exactly how to calculate the benefits and costs for a particular project is the more difficult part as each company has unique opportunity for benefits, costs and risks and each project's unique costs and benefits need to be calculated at a detailed level.

To access ROI calculators for more complex initiatives, Alinean has samples developed for several leading IT vendors including HP, SAP, EMC, Intel and Sunguard available here. In addition, more detail on the ROI calculation and other key financial performance measurements can be found in my free e-book: IT Value Chain Management (Alinean Press, 2003)."

Best Regards,

Eric Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC
1134 N. Main St.
Algonquin, IL 60102
Tel: (877) 262-7593 e:327
Fax: (877) 262-7593
Mob: (847) 456-6785
Web: http://www.appliedwatch.com
-----------------------------------------------------------------------------
Enterprise Snort Management at http://www.appliedwatch.com.
Security Information Management for the Open Source Enterprise.
-----------------------------------------------------------------------------

-----Original Message-----
From: Bamm Visscher [mailto:bamm.visscher () gmail com]
Sent: Wednesday, May 04, 2005 8:44 AM
To: Jason Patel
Cc: focus-ids () securityfocus com
Subject: Re: Value of IDS, ROI

There is no calculating ROI for security (including IDS) [0]. A CIO should be able to understand that.
Security is about mitigating loss, much like insurance. You should focus on explaining how your IDS implementation will help protect the investment your company has made in IT. An IDS should provide early warnings of a compromise and other security events. It will also help you quickly determine the scope of the event, escalate the activity to the correct departments, and the data gathered will make the remediation effort more efficient.

Bammkkkk

[0] http://taosecurity.blogspot.com/2004/04/calculating-security-roi-is-waste-of.html

On 3 May 2005 18:15:19 -0000, Jason Patel <patel1210 () yahoo com> wrote:
I was wondering how big companies' CIOs show their executives Return of investment on IDS. What is the monitoring strategy for IDS alerts? I am trying to figure out a monitoring strategy and how to show my executive how important this job is, but can't come up with a convincing solution. Any help is highly appreciated.
Thanks,
Jason

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
--
sguil - The Analyst Console for NSM
http://sguil.sf.net
Current thread:
- Value of IDS, ROI Jason Patel (May 03)
- RE: Value of IDS, ROI Ed Gibbs (May 03)
- Re: Value of IDS, ROI Vladimir Vuksan (May 03)
- Re: Value of IDS, ROI Bamm Visscher (May 04)
- RE: Value of IDS, ROI Eric Hines (May 06)
- Re: Value of IDS, ROI Bamm Visscher (May 06)
- RE: Value of IDS, ROI Pete Lindstrom (May 06)
- RE: Value of IDS, ROI Eric Hines (May 06)
- <Possible follow-ups>
- Re: Value of IDS, ROI Bob Huber (May 03)
- RE: Value of IDS, ROI Angel L Rivera (May 04)
- Re: Value of IDS, ROI Jason Patel (May 06)
- RE: Value of IDS, ROI John Forristel (SunGard-Chico) (May 06)
- Re: Value of IDS, ROI Chris Byrd (May 06)
- RE: Value of IDS, ROI Federico Lombardo (May 11)
- RE: Value of IDS, ROI THolman (May 19)
- RE: Value of IDS, ROI Justin . Ross (May 28)
(Thread continues...)