Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Value of IDS, ROI

from [Chris Byrd] Network Security [Permanent Link]
Subject: Re: Value of IDS, ROI
Date: Thu, 5 May 2005 20:38:39 -0700 (PDT) 
In my opinion, the best way to sell IDS is on the
number of real, actionable alerts you receive.  Get in
a vendor's demo appliance or software, tune it to
filter out the noise, and deliver a list of alerts
that were not otherwise detected to your boss.  You'd
be amazed how much stuff you'll find, especially at
first.  Policy violations, spyware, even compromized
machines often go otherwise unnoticed.

There are methods to calculate the ROI of an IDS
system, but in my experience the above was all that
was necessary.

As far as monitoring, remove as much noise as
possible.   If you recieve 100+ alerts a day, the
important ones will slip by unnoticed.  Event
correlation, security context, and tuning can reduce
the volume of actionable alerts.  Look for IDS
products that have this built in, or buy a SIM too.

- Chris
--- Jason Patel <patel1210@yahoo.com> wrote:



I was wondering how big companies CIO show their
executives Return of investment on IDS. What is the
monitoring strategy for IDS alerts. I am trying to
figure monitoring strategy and how to show my
executive that how important job this is, but cant
come up with a convincing solution. Anyhelp is
highly appreciated. 

Thanks,

Jason



--------------------------------------------------------------------------

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with
real-world attacks from 
CORE IMPACT.
Go to


http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708


to learn more.


--------------------------------------------------------------------------






                
__________________________________ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Router/Switches and viruses, Chris Byrd
Next by Date:  RE: Router/Switches and viruses, Wolfpaw - Dale Corse
Previous by Thread:  RE: Value of IDS, ROI, John Forristel (SunGard-Chico)
Next by Thread:  RE: Value of IDS, ROI, Federico Lombardo
Indexes:  [Date] [Thread] [Top] [All Lists]