Focus on IDS
In my humble opinion, a lot of managers focus on the added $ value
but forget there is such a thing as not losing $ due to intrusions.
Not to mention the image loss (negative image) due to lack of security.
I think there is no ONE technology which is going to take care of all our
security issues; it's a combination of technologies.
So, IMHO IDS/IPS is far from dead.
Regards.
Oscar Kooijman
oscar[DOT]kooijman[AT]chello[DOT]nl
***-----Original Message-----
***From: Andrew Plato [mailto:aplato (at) anitian (dot) com]
***Sent: 20 February 2004 17:32
***To: focus-ids (at) securityfocus (dot) com
***Subject: Is IDS/IPS worthless?
***
***
***I've noticed something lately and I wonder if anybody else
***has experienced this. At a meeting recently, I was told by a
***number of people that IDS/IPS is a "worthless waste of IT
***resources" and "providing no real value to an organization."
*** The speaker at this particular meeting challenged me to say
***"what business goals did the implementation of an IDS/IPS
***achieve?" I responded that an IDS gives insight to what is
***happening on a network and provides critical data to more
***effectively focus resources on real problems. An IPS builds
***a level of trust and protection from intrusions as well as
***insight into the function and behavior of a network. (Okay,
***it was a vanilla answer, I admit.)
***
***So this speaker then challenged me to come up with
***verifiable metrics. I replied that he would have to define
***what metrics he wants? What does he consider a "viable
***metric" for performance. He said "did they sell more
***products, make more money?" I replied "why is that the only
***metric that businesses can understand? A lot of complex
***things go into 'making money' and IT operations is a small
***part of that. Marketing, strategic vision, and many other
***factors have a much more profound impact on 'making money'
***than a single IT security solution. However, insight into
***operations and security is a critical component of IT. How
***do you know you have been broken into if you don't have any
***mechanisms to detect those intrusions? There is clear value
***in investment in locks and security cameras, why not have
***similar investments into the digital equivalents."
***
***This shut him up, for a while, but it highlighted a growing
***trend I am noticing. It seems like there are a lot of people
***with an agenda right now to shoot down the value of IPS/IDS
***technologies. IPS in particular seems to be painted as a
***"marketing ploy." I also hear the story "they bought an
***IDS and it just sat in a rack and did nothing" a lot
***(usually from people who don't even know what an IDS does.)
***
***What is happening here? Anybody have any idea why there is
***a growing "anti-IDS" attitude. Is it the failure of IDS to
***produce value in an organization? Is the Gartner "IDS is
***dead" report having THAT much effect on the industry? Are
***the IDS vendors victims of their own over-marketing? Am I a
***paranoid moron?
***
***I am curious to hear other people's ideas on and strategies
***for dealing with these objections.
***
***
***___________________________________
***Andrew Plato, CISSP
***President/Principal Consultant
***ANITIAN ENTERPRISE SECURITY
***
***3800 SW Cedar Hills Blvd, Suite 298
***Beaverton, OR 97005
***503-644-5656 Office
***503-214-8069 Fax
***503-201-0821 Mobile
***www.anitian.com
***___________________________________
***
***GPG fingerprint: 16E6 C5B0 B6CB F287 776E E9A9 AF47 9914
***3582 633D GPG public key available at:
***http://www.anitian.com/corp/keys.htm
***