IDS mailing list archives
RE: ROI on IDS/IPS products
From: "Pete Lindstrom" <petelind () spiresecurity com>
Date: Fri, 27 Feb 2009 14:52:54 -0500
ROI is simply a term people use to express value. It is unlikely that an enterprise security professional will have a choice to dictate what term is used to their CFO or other financial folks. The SANS paper conflates security ROI (about reduced cost) and ROSI (about reduced risk). More here: http://spiresecurity.typepad.com/spire_security_viewpoint/2009/02/setting-th e-record-straight-on-roi-in-security.html Regards, Pete Pete Lindstrom Research Director Spire Security 610-644-9064 blog: http://spiresecurity.typepad.com
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Martin Roesch Sent: Friday, February 27, 2009 1:47 PM To: Ravi Chunduru Cc: Focus IDS Subject: Re: ROI on IDS/IPS products Bejtlich does lots of writing around security ROI and whether ROI is even an appropriate term when applied to security spending. Try this link and have a read. http://taosecurity.blogspot.com/search?q=roi Marty On Fri, Feb 27, 2009 at 12:08 PM, Ravi Chunduru <ravi.is.chunduru () gmail com> wrote:I was talking to a junior security administartor working for a big telecom company. He said something which is worrying. After few years of IPS deployment in particular department, they decided to remove IPS devices. It was felt that they did not find enough ROI to justify 2 dedicated personnel to monitor and analyze IDS/IPS logs and reports. It apperas that no major incidents were detected by network IPS devices. they felt that signature coverage is either poor or not timely. i also was told that these IPS devices are from industry leaders. Can you share your experiences? Any examples of successful detection and prevention of major attacks and penetration by IPS devices. Thanks Ravi-- Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Security for the Real World - http://www.sourcefire.com Snort: Open Source IDP - http://www.snort.org
Current thread:
- ROI on IDS/IPS products Ravi Chunduru (Feb 27)
- Re: ROI on IDS/IPS products Jeff Kell (Feb 27)
- Re: ROI on IDS/IPS products Aaron Turner (Feb 27)
- Re: ROI on IDS/IPS products Martin Roesch (Feb 27)
- RE: ROI on IDS/IPS products Pete Lindstrom (Feb 27)
- <Possible follow-ups>
- Re: ROI on IDS/IPS products Jeremy Walczak (Feb 27)
- Re: ROI on IDS/IPS products sant-bar (Feb 27)
- Re: ROI on IDS/IPS products Jeff Kell (Feb 27)