Dailydave mailing list archives
Re: lots of monkeys staring at a screen....security?
From: Gadi Evron <ge () linuxbox org>
Date: Sat, 28 Oct 2006 00:56:32 -0500 (CDT)
On Fri, 27 Oct 2006, liquidfish wrote:
> There is another value that IDS can afford a business which has not yet been discussed in this thread. I agree 100% with the previous comments on the worth (or lack thereof) of an IDS in catching and responding to attacks in progress. However, there is value in trending from the alerts of an IDS. By monitoring and trending what types of attacks your network sees the most of, and which parts of the network have the higher number of attacks, you can begin to understand where your focus for future security projects should be and help decide what types of things should be budgeted for. I will agree that in many cases these things should already be obvious and you shouldn't need an IDS to tell you them, but there are cases where many admins are surprised when they start paying attention and see what is really going on, as opposed to what they assumed was going on.
>
> Additionally, generating pretty graphs from IDS alert trending to present to upper management can often help them understand the need to budget for things you already know need to be taken care of. See a lot of web application attacks? Show management the numbers and finally get that budget set aside to send the web developers to some secure programming training etc.
>
> IDS can provide value, people's (more often than not, management's) expectations of what that value is just need to catch up with reality.
This is somewhat close to heart here now, as, for example, McAfee is the first (among many to come) trying to re-brand IPS or other products as save-all solutions for botnets, now a buzzword.

So, let us list what I[DP]S does right:
1. Policy enforcement.
2. Board-room budget meeting graphs and statistics generation.
3. ...?

Only place I had use for an IDS was when I ran security for the Israeli Gov't Internet Security Operations. I cared about "everything". That does not apply to nearly any organization out there.

Gadi.