SecurityFocus

Is IDS/IPS worthless? Feb 20 2004 04:31PM
Andrew Plato (aplato anitian com) (12 replies)

Re: Is IDS/IPS worthless? Feb 23 2004 06:35PM
SecurIT Informatique Inc. (securit iquebec com) (1 replies)

RE: Is IDS/IPS worthless? Feb 23 2004 10:29PM
Martin (mleroux lincsat com)

RE: Is IDS/IPS worthless? Feb 23 2004 05:38PM
Wolfpaw - Dale Corse (admin-lists wolfpaw net)

Re: Is IDS/IPS worthless? Feb 23 2004 02:35PM
Pablo Scherer (pablo_scherer yahoo com)

RE: Is IDS/IPS worthless? Feb 23 2004 11:02AM
Oscar Kooijman (oscar kooijman chello nl)

Re: Is IDS/IPS worthless? Feb 21 2004 11:53PM
Olaf Gellert (og pre-secure de) (2 replies)

Re: Is IDS/IPS worthless? Feb 23 2004 11:24PM
Mike Hoskins (mike adept org)

Re: Is IDS/IPS worthless? Feb 23 2004 08:09PM
SecurIT Informatique Inc. (securit iquebec com) (2 replies)

Re: Is IDS/IPS worthless? Feb 24 2004 04:35PM
Xiaoyong Wu (xwu anr mcnc org) (1 replies)

Re: Is IDS/IPS worthless? Feb 25 2004 03:42AM
Michael Stone (mstone mathom us)

Re: Is IDS/IPS worthless? Feb 23 2004 10:48PM
Olaf Gellert (og pre-secure de) (1 replies)

Re: Is IDS/IPS worthless? Feb 24 2004 03:19AM
SecurIT Informatique Inc. (securit iquebec com)

Re: Is IDS/IPS worthless? Feb 21 2004 09:04PM
Andy Cuff (lists securitywizardry com) (1 replies)

Re: Is IDS/IPS worthless? Feb 23 2004 11:12PM
Mike Hoskins (mike adept org)

Re: Is IDS/IPS worthless? Feb 21 2004 03:40PM
Michael Stone (mstone mathom us)

RE: Is IDS/IPS worthless? Feb 21 2004 03:13PM
Brian Taylor (drak3 attbi com) (1 replies)

RE: Is IDS/IPS worthless? Feb 24 2004 02:06AM
Fergus Brooks (fergusb evolve-online com) (1 replies)

RE: Is IDS/IPS worthless? Feb 24 2004 01:03PM
Duston Sickler (dustons charter net)

RE: Is IDS/IPS worthless? Feb 21 2004 03:13PM
Omar Herrera (oherrera prodigy net mx)

Re: Is IDS/IPS worthless? Feb 21 2004 02:27PM
Konrad Rieck (kr roqe org)

On Fri, 2004-02-20 at 17:31, Andrew Plato wrote:
> So this speaker then challenged me to come up with verifiable metrics. I
> replied that he would have to define what metrics he wants? What does he
> consider a "viable metric" for performance. He said "did they sell more
> products, make more money?" I replied "why is that the only metric that
> businesses can understand?

IT security is about keeping money - not making it. IDS/IPS reduce the
the probability of an undetected compromise. Depending on your setup,
environment and data such a compromise may result in an enormous
financial loss.

The relation between

...the probability of a successful compromise in respect to the
resulting costs

and

...the probability for a detection in respect to the maintenance
costs of an IDS/IPS solution

form a verifiable metric (unless you talk with someone who can't deal
with probabilities).

Here's nice paper on that topic...

"Cost-Benefit Analysis for Network Intrusion Detection Systems"
http://www.csds.uidaho.edu/director/costbenefit.pdf

Regards,
Konrad

--
Konrad Rieck <kr (at) roqe (dot) org [email concealed]> ------------ http://people.roqe.org/kr
Fingerprint - 7D55 5896 834A A1C8 303C - 8BC5 4C53 3611 C1FA 82F2

[ reply ]

Re: Is IDS/IPS worthless? Feb 21 2004 01:30AM
Josh Tolley (josh raintreeinc com)

Re: Is IDS/IPS worthless? Feb 21 2004 12:05AM
Mike Lyman (mlyman-security comcast net) (2 replies)

Re: Is IDS/IPS worthless? Feb 26 2004 09:11AM
Stefano Zanero (stefano zanero ieee org) (1 replies)

Re: Is IDS/IPS worthless? Mar 02 2004 11:21PM
George Capehart (gwc acm org)

RE: Is IDS/IPS worthless? Feb 24 2004 01:43AM
Fergus Brooks (fergusb evolve-online com)