Focus on IDS
ROI on IDS/IPS products Feb 27 2009 05:08PM Ravi Chunduru (ravi is chunduru gmail com) (5 replies)
Re: ROI on IDS/IPS products Mar 04 2009 12:55PM aditya mukadam (aditya mukadam gmail com) (1 replies)
Re: ROI on IDS/IPS products Feb 28 2009 12:17AM Frank Knobbe (frank knobbe us) (1 replies)
Re: ROI on IDS/IPS products Mar 02 2009 06:36PM Jeremy Bennett (jeremyfb mac com) (1 replies)
Re: ROI on IDS/IPS products Mar 02 2009 07:21PM Stefano Zanero (s zanero securenetwork it) (2 replies)
Re: ROI on IDS/IPS products Mar 03 2009 04:01PM Webmaster 003 (webmaster networkdefense biz) (2 replies)
Re: ROI on IDS/IPS products Mar 05 2009 02:48AM Joel Jaeggli (joelja bogus com) (2 replies)
Re: ROI on IDS/IPS products Mar 05 2009 05:01PM Joel M Snyder (Joel Snyder Opus1 COM) (1 replies)
Re: ROI on IDS/IPS products Mar 06 2009 01:56AM Ravi Chunduru (ravi is chunduru gmail com) (1 replies)
Re: ROI on IDS/IPS products Feb 27 2009 06:26PM Jeff Kell (jeff-kell utc edu) (3 replies)
Re: ROI on IDS/IPS products Feb 28 2009 10:20PM Ray (rpesek hotmail com) (1 replies)
RE: Re: ROI on IDS/IPS products Mar 02 2009 05:26PM Brandon Louder (Brandon Louder mckennan org) (1 replies)
lets all the SQL Slammer, aspROX, PHP Includes, and many other attacks hit my
IPS inbound, where they are stopped.
An IPS is a critical component of defense-in-depth. It's not a magic box that
can be installed with default filters. It takes daily attention from a
trained network security analyst who does threat analysis and tunes the device
to protect against the attacks that it can best detect.
Anything beyond the capabilities of the firewall and IPS calls for network
traffic analysis and anomaly detection.
As far as ROI is concerned, I agree with the other writers about 'no such
thing' and the fine writings of Mr. Bejtlich. Let me ask you this: what's the
ROI on flood insurance, hurricane insurance, insurance on company vehicles, or
even vehicle inspections and registration?
Ask TJX, Heartland, and all the other victims of major intrusions about the
ROI of looking like complete morons for not spending enough on trained,
professional network security analysts and giving them the tools they need to
do their job.
You want examples of attacks that any good IPS can block?
Most SQL injection attacks.
Most PHP attacks.
Vulnerable PDF, ActiveX, and document transmission.
Bad network traffic.
Many buffer overflow attacks.
Many zero-day or emerging threats.
Most cross-site scripting.
Many, many platform specific vulnerabilities.
They're not perfect, but I sure wouldn't want to do without mine.
Ravi Chunduru wrote:
> I was talking to a junior security administrator working for a big
> telecom company. He said something which is worrying. After a few
> years of IPS deployment in a particular department, they decided to
> remove IPS devices. It was felt that they did not find enough ROI to
> justify 2 dedicated personnel to monitor and analyze IDS/IPS logs and
> reports. It appears that no major incidents were detected by network
> IPS devices. They felt that signature coverage is either poor or not
> timely. I also was told that these IPS devices are from industry
> leaders.
>
> Can you share your experiences? Any examples of successful detection
> and prevention of major attacks and penetration by IPS devices.
>
> Thanks
> Ravi
>
>
>