Focus on IDS
Is IDS/IPS worthless? Feb 20 2004 04:31PM
Andrew Plato (aplato anitian com) (12 replies)
Re: Is IDS/IPS worthless? Feb 23 2004 06:35PM
SecurIT Informatique Inc. (securit iquebec com) (1 replies)
RE: Is IDS/IPS worthless? Feb 23 2004 10:29PM
Martin (mleroux lincsat com)
RE: Is IDS/IPS worthless? Feb 23 2004 05:38PM
Wolfpaw - Dale Corse (admin-lists wolfpaw net)
Hi Andrew,

An interesting analogy is that an IDS is like hiring a security
guard for your network. If you depend on your inventory, for example,
to make money, you install an alarm system or hire a guard. If you
don't want to "waste the money" and protect yourself, don't be all
that surprised when someone drives a truck through the front window
and cleans you out.

They are time consuming to configure, and by no means a guarantee.
But when you consider the seemingly growing global threat to any
machine (especially a business) that is attached to the internet,
I would hardly toss an IDS in the "waste" category.

Just my 2 cents, and pretty much what I would have said in a meeting
such as that :)

Just a blunt IT guy..
D.
--------------------------------
Dale Corse
System Administrator
Wolfpaw Services Inc.
http://www.wolfpaw.net
(780) 474-4095

> -----Original Message-----
> From: Andrew Plato [mailto:aplato (at) anitian (dot) com]
> Sent: Friday, February 20, 2004 9:32 AM
> To: focus-ids (at) securityfocus (dot) com
> Subject: Is IDS/IPS worthless?
>
>
>
> I've noticed something lately and I wonder if anybody else
> has experienced this. At a meeting recently, I was told by a
> number of people that IDS/IPS is a "worthless waste of IT
> resources" and "providing no real value to an organization."
> The speaker at this particular meeting challenged me to say
> "what business goals did the implementation of an IDS/IPS
> achieve?" I responded that an IDS gives insight to what is
> happening on a network and provides critical data to more
> effectively focus resources on real problems. An IPS builds a
> level of trust and protection from intrusions as well as
> insight into the function and behavior of a network. (Okay,
> it was a vanilla answer, I admit.)
>
> So this speaker then challenged me to come up with verifiable
> metrics. I replied that he would have to define what metrics
> he wants. What does he consider a "viable metric" for
> performance? He said "did they sell more products, make more
> money?" I replied "why is that the only metric that
> businesses can understand? A lot of complex things go into
> 'making money' and IT operations is a small part of that.
> Marketing, strategic vision, and many other factors have a
> much more profound impact on 'making money' than a single IT
> security solution. However, insight into operations and
> security is a critical component of IT. How do you know you
> have been broken into if you don't have any mechanisms to
> detect those intrusions? There is clear value in investment
> in locks and security cameras, why not have similar
> investments into the digital equivalents?"
>
> This shut him up, for a while, but it highlighted a growing
> trend I am noticing. It seems like there are a lot of people
> with an agenda right now to shoot down the value of IPS/IDS
> technologies. IPS in particular seems to be painted as a
> "marketing ploy." I also hear the story "they bought an IDS
> and it just sat in a rack and did nothing" a lot (usually
> from people who don't even know what an IDS does.)
>
> What is happening here? Anybody have any idea why there is a
> growing "anti-IDS" attitude? Is it the failure of IDS to
> produce value in an organization? Is the Gartner "IDS is
> dead" report having THAT much effect on the industry? Are
> the IDS vendors victims of their own over-marketing? Am I a
> paranoid moron?
>
> I am curious to hear other people's ideas on and strategies
> for dealing with these objections.
>
>
> ___________________________________
> Andrew Plato, CISSP
> President/Principal Consultant
> ANITIAN ENTERPRISE SECURITY
>
> 3800 SW Cedar Hills Blvd, Suite 298
> Beaverton, OR 97005
> 503-644-5656 Office
> 503-214-8069 Fax
> 503-201-0821 Mobile
> www.anitian.com
> ___________________________________
>
> GPG fingerprint: 16E6 C5B0 B6CB F287 776E E9A9 AF47 9914 3582 633D
> GPG public key available at:
> http://www.anitian.com/corp/keys.htm

Re: Is IDS/IPS worthless? Feb 23 2004 02:35PM
Pablo Scherer (pablo_scherer yahoo com)
RE: Is IDS/IPS worthless? Feb 23 2004 11:02AM
Oscar Kooijman (oscar kooijman chello nl)
Re: Is IDS/IPS worthless? Feb 21 2004 11:53PM
Olaf Gellert (og pre-secure de) (2 replies)
Re: Is IDS/IPS worthless? Feb 23 2004 11:24PM
Mike Hoskins (mike adept org)
Re: Is IDS/IPS worthless? Feb 23 2004 08:09PM
SecurIT Informatique Inc. (securit iquebec com) (2 replies)
Re: Is IDS/IPS worthless? Feb 24 2004 04:35PM
Xiaoyong Wu (xwu anr mcnc org) (1 replies)
Re: Is IDS/IPS worthless? Feb 25 2004 03:42AM
Michael Stone (mstone mathom us)
Re: Is IDS/IPS worthless? Feb 23 2004 10:48PM
Olaf Gellert (og pre-secure de) (1 replies)
Re: Is IDS/IPS worthless? Feb 24 2004 03:19AM
SecurIT Informatique Inc. (securit iquebec com)
Re: Is IDS/IPS worthless? Feb 21 2004 09:04PM
Andy Cuff (lists securitywizardry com) (1 replies)
Re: Is IDS/IPS worthless? Feb 23 2004 11:12PM
Mike Hoskins (mike adept org)
Re: Is IDS/IPS worthless? Feb 21 2004 03:40PM
Michael Stone (mstone mathom us)
RE: Is IDS/IPS worthless? Feb 21 2004 03:13PM
Brian Taylor (drak3 attbi com) (1 replies)
RE: Is IDS/IPS worthless? Feb 24 2004 02:06AM
Fergus Brooks (fergusb evolve-online com) (1 replies)
RE: Is IDS/IPS worthless? Feb 24 2004 01:03PM
Duston Sickler (dustons charter net)
RE: Is IDS/IPS worthless? Feb 21 2004 03:13PM
Omar Herrera (oherrera prodigy net mx)
Re: Is IDS/IPS worthless? Feb 21 2004 02:27PM
Konrad Rieck (kr roqe org)
Re: Is IDS/IPS worthless? Feb 21 2004 01:30AM
Josh Tolley (josh raintreeinc com)
Re: Is IDS/IPS worthless? Feb 21 2004 12:05AM
Mike Lyman (mlyman-security comcast net) (2 replies)
Re: Is IDS/IPS worthless? Feb 26 2004 09:11AM
Stefano Zanero (stefano zanero ieee org) (1 replies)
Re: Is IDS/IPS worthless? Mar 02 2004 11:21PM
George Capehart (gwc acm org)
RE: Is IDS/IPS worthless? Feb 24 2004 01:43AM
Fergus Brooks (fergusb evolve-online com)


 

Copyright 2010, SecurityFocus