|
|
Focus on IDS
ROI on IDS/IPS products Feb 27 2009 05:08PM Ravi Chunduru (ravi is chunduru gmail com) (5 replies) Re: ROI on IDS/IPS products Mar 04 2009 12:55PM aditya mukadam (aditya mukadam gmail com) (1 replies) Re: ROI on IDS/IPS products Feb 27 2009 06:26PM Jeff Kell (jeff-kell utc edu) (3 replies) Re: ROI on IDS/IPS products Feb 28 2009 10:20PM Ray (rpesek hotmail com) (1 replies) RE: Re: ROI on IDS/IPS products Mar 02 2009 05:26PM Brandon Louder (Brandon Louder mckennan org) (1 replies) |
|
Privacy Statement |
> I was talking to a junior security administartor working for a big
> telecom company. He said something which is worrying. After few
> years of IPS deployment in particular department, they decided to
> remove IPS devices. It was felt that they did not find enough ROI to
> justify 2 dedicated personnel to monitor and analyze IDS/IPS logs and
> reports. It apperas that no major incidents were detected by network
> IPS devices. they felt that signature coverage is either poor or not
> timely. i also was told that these IPS devices are from industry
Discussion around the term ROI aside, your question should not have been
about "ROI on IDS/IPS products", but rather about "IDS/IPS
*deployments*".
You can have a great product that works really well (Snort comes to
mind), but deploy it completely wrong. While the "ROI" of the product
exists, the deployment makes it a complete waste of funds.
I'm not sure which product you are referring to (though I can make a
good guess :), and yes, there are products that conform to their
companies marketing material and get you a check-box on your compliance
audits, but are actually worthless. Other products are great, but again,
if they are not *deployed* correctly and/or *used* correctly, then these
deployments are also a waste of time and money.
I think too many people expect to buy an IDS/IPS off the shelf, read the
manual, get it set up, and think the task is done. IDS/IPS boxes are
tricky and require expertise to properly configure and use. If that
expertise doesn't exist in your organization, hire someone that does
have the expertise and can help not just implementing the IDS/IPS, but
also assist creating a group that can actually manage and use it on a
continuous basis.
Cheers,
Frank
--
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (FreeBSD)
iD8DBQBJqIKJpIc56HlJ1YARAtHdAJwJOMPRsl2tlX8SD4YKpi5UOGyyNQCdFqro
zo8IHUQLZb/0IAa2lrDd7dE=
=wSYH
-----END PGP SIGNATURE-----
[ reply ]