Re: ROI on IDS/IPS products

[sant-bar () dsv su se]

What about a risk-based approach for justifying a security investment?

Even in cases when a quantitative risk assessment approach is not possible I find qualitative approach (if effective) 
can be good enough.

Any thoughts? 

It is quite weird for me to see that a telecom is not mature enough vis-a-vis security. Personally I worked for one 
back in 2004 and I think it was quite ahead at the time.

Cheers,

Santiago



------Original Message------
From: Jeremy Walczak
Sender: listbounce () securityfocus com
To: Ravi Chunduru
To: Focus IDS
Subject: Re: ROI on IDS/IPS products
Sent: 27 Feb 2009 19:47

Interesting paper from SANS. Link below. It in part discusses why
there is no such thing as ROI for security spending, and instead tries
to focus the decision on either an "investment" or "goal" based
justification. Perhaps the paper would help to generate ideas on other
ways to sell the investment to the company.


http://www.sans.org/reading_room/whitepapers/dlp/rss/the_business_justification_for_data_security_33033


Jeremy


> > > Ravi Chunduru <ravi.is.chunduru () gmail com> 2/27/2009 12:08 PM >>>

I was talking to a junior security administartor working for a big
telecom company.  He said something which is worrying.  After few
years of IPS deployment in particular department, they  decided to
remove IPS devices.  It was felt that they did not find enough ROI to
justify 2 dedicated personnel to monitor and analyze IDS/IPS logs and
reports. It apperas that no major incidents were detected by network
IPS devices.  they felt that signature coverage is either poor or not
timely. i also was told that these IPS devices are from industry
leaders.

Can you share your experiences?  Any examples of successful detection
and prevention of major attacks and penetration by IPS devices.

Thanks
Ravi