FW: Cost of Worm Attack Protection

["Braun, Mike" <MBraun () firstam com>]

The old saying of "you get what you pay for" seems to be well directed when
it comes to this topic.  If you're willing to allocate $100K more than you
currently spend to mitigating the effects from Worms and Viruses, I'm sure
you will have some increased success.  If you allocate 1 mill more, your
success will increase substantially.  The true cost really boils down to
what you are trying to protect, such as how many servers, users, network
segments, and other critical devices you are willing to encompass in your
protection plan.  Also, you may be able to mitigate the cost by using the
functionality built into devices you may already own.  A good protection
schema needs to address the use and benefits from the following:  Firewalls,
VPN tunnels and policies, HIDs, NIDs, Antivirus software, and a good network
security policy that grows with your network.  You may already have most of
this in place and need only a little extra funding allocated to give you the
protection level you feel comfortable with.  

If you're looking for pricing on each component, they will vary widely
depending on the brand and model you go with.  You should shop around for
components that suit your budget.  An example of this price variance can be
found by looking at a Net Forensics project priced at $500k compared to a
similar solution going will Network Intelligence at $40K.  The Network
Intelligence solution may not have all the functionality offered by Net
Forensics, but it may be enough for your needs. 

Best of luck in fighting this ever growing problem,

Mike Braun

-----Original Message-----
From: sgorman1 () gmu edu [mailto:sgorman1 () gmu edu] 
Sent: Thursday, November 13, 2003 7:59 AM
To: Joel Jaeggli
Cc: nanog () merit edu
Subject: Re: Cost of Worm Attack Protection



Good point - then what is the cost of attempting to mitigate or handle
attacks vs. doing nothing?

----- Original Message -----
From: Joel Jaeggli <joelja () darkwing uoregon edu>
Date: Thursday, November 13, 2003 10:14 am
Subject: Re: Cost of Worm Attack Protection

> I haven't seen any network or customer site that has protected 
> itself from 
> worms... only mitigated them.
>
> joelja
>
> On Thu, 13 Nov 2003 sgorman1 () gmu edu wrote:
>
> > I was hoping to get some estimates from folks on the costs of 
> defending> networks from various worm attacks.  It is a pretty 
> wide open question,
> > but if anyone has some rough estimates of what it costs per edge,
> > manpower vs. equipment costs, or any combination thereof it 
> would be of
> > great assistance.  We are doing some simulations of attack and 
> defense> strategies and looking for some good metrics to plug into 
> a cost benefit
> > model.  We'd be happy to share the results if anyone is 
> interested as
> > well.
> >
> > Thanks in advance,
> >
> > sean
>
> -- 
> -------------------------------------------------------------------
> ------- 
> Joel Jaeggli                 Unix Consulting                
> joelja () darkwing uoregon edu    
> GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB 
> B67F 56B2


"MMS <firstam.com>" made the following
 annotations on 11/13/2003 12:03:21 PM
------------------------------------------------------------------------------
"THIS E-MAIL MESSAGE AND ANY FILES TRANSMITTED HEREWITH, ARE INTENDED SOLELY FOR THE USE OF THE INDIVIDUAL(S) ADDRESSED 
AND MAY CONTAIN CONFIDENTIAL, PROPRIETARY OR PRIVILEGED INFORMATION.  IF YOU ARE NOT THE ADDRESSEE INDICATED IN THIS 
MESSAGE (OR RESPONSIBLE FOR DELIVERY OF THIS MESSAGE TO SUCH PERSON) YOU MAY NOT REVIEW, USE, DISCLOSE OR DISTRIBUTE 
THIS MESSAGE OR ANY FILES TRANSMITTED HEREWITH.  IF YOU RECEIVE THIS MESSAGE IN ERROR, PLEASE CONTACT THE SENDER BY 
REPLY E-MAIL AND DELETE THIS MESSAGE AND ALL COPIES OF IT FROM YOUR SYSTEM."
==============================================================================