Focus on IDS
Re: ROI on IDS/IPS products
Feb 27 2009 07:07PM
sant-bar dsv su se
What about a risk-based approach for justifying a security investment?
Even in cases when a quantitative risk assessment approach is not possible, I find a qualitative approach (if effective) can be good enough.
It is quite weird for me to see that a telecom is not mature enough vis-a-vis security. Personally I worked for one back in 2004 and I think it was quite ahead at the time.
From: Jeremy Walczak
Sender: listbounce (at) securityfocus (dot) com [email concealed]
To: Ravi Chunduru
To: Focus IDS
Subject: Re: ROI on IDS/IPS products
Sent: 27 Feb 2009 19:47
Interesting paper from SANS. Link below. It in part discusses why
there is no such thing as ROI for security spending, and instead tries
to focus the decision on either an "investment" or "goal" based
justification. Perhaps the paper would help to generate ideas on other
ways to sell the investment to the company.
>>> Ravi Chunduru <ravi.is.chunduru (at) gmail (dot) com [email concealed]> 2/27/2009 12:08 PM >>>
I was talking to a junior security administrator working for a big
telecom company. He said something which is worrying. After a few
years of IPS deployment in a particular department, they decided to
remove IPS devices. It was felt that they did not find enough ROI to
justify 2 dedicated personnel to monitor and analyze IDS/IPS logs and
reports. It appears that no major incidents were detected by network
IPS devices. They felt that signature coverage is either poor or not
timely. I also was told that these IPS devices are from industry
Can you share your experiences? Any examples of successful detection
and prevention of major attacks and penetration by IPS devices.
Copyright 2010, SecurityFocus