IDS mailing list archives
ROI (ROSI?) on IDP devices
From: Ravi Chunduru <ravi.is.chunduru () gmail com>
Date: Sat, 28 Feb 2009 11:03:44 -0800
Hi, I got many responses on my previous thread with subject ROI on IDS/IPS devices. Looks like I gave wrong impression that all security measures were taken off. I was specifically pointing out IDP devices. I only wanted to gauge ROI (ROSI?) justification with respect to IDPs specifically. With respect to that I was asking for specific example positive experiences one had or having with IDP devices. I got two responses privately to my previous thread which seem to question the value of IDP devices. One of the responses is interesting and it seems to suggest that after they had chosen "Patch Management Systems", they are hardly finding the use for IDP device. I have taken permission from the responsee to give gist of explanation. It is a Microsoft house, ie mostly Microsoft products are used in the organization. IDP device vendor they went with provides protection measures (rule updates) only when Microsoft releases patches. Some times rules update with Microsoft vulnerabilities are being given after 2 to 7 days by IPS vendor. Patch Management systems would have patched the systems and software by that time rendering IPS protection useless. Client side attack detection by IDP devices is not really effective and anti virus software on desktops seems to do better job. The responsee seems to feel that IDP devices are good only if legacy software is used for which software vendor does not provide patches. It appears that this house has some web applications. To protect from web application attacks, they seem to use web application firewall. With protection provided by "Patch Management System", "Web application firewall" and traditional firewall devices, justification for continuation of IDP devices seem to be on slippery slope. At the end he mentioned that other types of deployments might see value of IDP devices. Other response I got is vague on details and seem to suggest that many buy these devices out of fear, but realize eventually that they are not as effective as they thought. I hope I will get some responses with positive experiences of using IDS/IPS devices. Thanks Ravi
Current thread:
- ROI (ROSI?) on IDP devices Ravi Chunduru (Mar 02)
- Re: ROI (ROSI?) on IDP devices Scott (Mar 03)
- Re: ROI (ROSI?) on IDP devices "Zow" Terry Brugger (Mar 06)