Network Security Focus-IDS

RE: Value of IDS, ROI

Subject: RE: Value of IDS, ROI
Date: Tue, 3 May 2005 17:10:32 -0700
Jason,

Positioning IDS/IPS to the CxO level is very difficult, because the return
is basically not realized until the product actually proves itself by
preventing or detecting something significant.  Things to bring up include:

*       Capital Cost: sensor(s), management software, additional hardware,
maintenance
*       Operational Cost: installation, policy implementation,
tuning/analysis, software/hardware updates, monitoring, remote management,
personnel, etc.
*       Business Benefit
        - Cost of not detecting/preventing attacks (risk)
        - Cost of downtime including manpower and disruption in
business/productivity
        - Attack recovery cost

 Risk, in this case, is defined as a measurement of uncertainty around a
given investment in technology.  Uncertainty is measured from several
perspectives: one is the likelihood that the technology will not perform as
expected.  This impacts cost and benefit estimates by potentially reducing
the benefits that will ultimately be achieved as well as increasing the
costs of the investment.  Second, lack of accountability and incentive to
measure the success of the investment, particularly enterprise wide
benefits, will ultimately result in lack of a demonstrated return.  

 I like to use the auto insurance scenario, because it's something that we
don't see any return on unless something happens, then we ultimately need
it.  

I have more information and example spreadsheets on how to calculate capital
cost, operational cost, and benefits if you would like a copy.  You also may
want to consider investing your money in IPS, rather than IDS.  The majority
of IPS products today can still be used as an IDS, however, you have the
option of going in-line and blocking attacks rather than just detecting,
which will go further.  McAfee IntruShield, TippingPoint UnityOne, ISS
RealSecure, NitroSecurity, and others are well worth the investment.

-Ed
760-687-6768
ed@digitalconclave.com
IPS Experts

 

-----Original Message-----
From: Jason Patel [mailto:patel1210@yahoo.com]
Sent: Tuesday, May 03, 2005 11:15 AM
To: focus-ids@securityfocus.com
Subject: Value of IDS, ROI



I was wondering how big companies' CIOs show their executives return on
investment on IDS. What is the monitoring strategy for IDS alerts? I am
trying to figure out a monitoring strategy and how to show my executives how
important this job is, but can't come up with a convincing solution. Any help
is highly appreciated.

Thanks,

Jason
