IDS mailing list archives
RE: Is IDS/IPS worthless?
From: "Wolfpaw - Dale Corse" <admin-lists () wolfpaw net>
Date: Mon, 23 Feb 2004 10:38:07 -0700
Hi Andrew, An interesting Analogy is that an IDS is like hiring a security guard for your network. If you depend on your inventory for example, to make money.. You install an alarm system, or hire a guard. If you don't want to "waste the money" and protect yourself, don't be all that surprised when someone drives a truck through the front window, and cleans you out. They are time consuming to configure, and by no means a guarantee. But when you consider the seemingly growing global threat to any machine (especially a business) that is attached to the internet, I would hardly toss an IDS in the "waste" category. Just my 2 cents, and pretty much what I would have said in a meeting such as that :) Just a blunt IT guy.. D. -------------------------------- Dale Corse System Administrator Wolfpaw Services Inc. http://www.wolfpaw.net (780) 474-4095
-----Original Message----- From: Andrew Plato [mailto:aplato () anitian com] Sent: Friday, February 20, 2004 9:32 AM To: focus-ids () securityfocus com Subject: Is IDS/IPS worthless? I've noticed something lately and I wonder if anybody else has experienced this. At a meeting recently, I was told by a number of people that IDS/IPS is a "worthless waste of IT resources" and "providing no real value to an organization." The speaker at this particular meeting challenged me to say "what business goals did the implementation of an IDS/IPS achieve?" I responded that an IDS gives insight to what is happening on a network and provides critical data to more effectively focus resources on real problems. An IPS builds a level of trust and protection from intrusions as well as insight into the function and behavior of a network. (Okay, it was a vanilla answer, I admit.) So this speaker then challenged me to come up with verifiable metrics. I replied that he would have to define what metrics he wants? What does he consider a "viable metric" for performance. He said "did they sell more products, make more money?" I replied "why is that the only metric that businesses can understand? A lot of complex things go into 'making money' and IT operations is a small part of that. Marketing, strategic vision, and many other factors have a much more profound impact on 'making money' than a single IT security solution. However, insight into operations and security is a critical component of IT. How do you know you have been broken into if you don't have any mechanisms to detect those intrusions? There is clear value in investment in locks and security cameras, why not have similar investments into the digital equivalents." This shut him up, for a while, but it highlighted a growing trend I am noticing. It seems like there are a lot of people with an agenda right now to shoot down the value of IPS/IDS technologies. IPS in particular seems to be painted as a "marketing ploy." I also hear the story "they bought and IDS and it just sat in a rack and did nothing" a lot (usually from people who don't even know what an IDS does.) What is happening here? Anybody have any idea why there is a growing "anti-IDS" attitude. Is it the failure of IDS to produce value in an organization? Is the Gartner "IDS is dead" report having THAT much affect on the industry? Are the IDS vendors victims of their own over-marketing? Am I a paranoid moron? I am curious to hear other people's ideas on and strategies for dealing with these objections. ___________________________________ Andrew Plato, CISSP President/Principal Consultant ANITIAN ENTERPRISE SECURITY 3800 SW Cedar Hills Blvd, Suite 298 Beaverton, OR 97005 503-644-5656 Office 503-214-8069 Fax 503-201-0821 Mobile www.anitian.com ___________________________________ GPG fingerprint: 16E6 C5B0 B6CB F287 776E E9A9 AF47 9914 3582 633D GPG public key available at: http://www.anitian.com/corp/keys.htm -------------------------------------------------------------- ------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_fo> cus-ids_040219 -------------------------------------------------------------- -------------
--------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_focus-ids_040219 ---------------------------------------------------------------------------
Current thread:
- Re: Is IDS/IPS worthless?, (continued)
- Re: Is IDS/IPS worthless? Andy Cuff (Feb 23)
- Re: Is IDS/IPS worthless? Mike Hoskins (Feb 23)
- Re: Is IDS/IPS worthless? Olaf Gellert (Feb 23)
- Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
- Re: Is IDS/IPS worthless? Olaf Gellert (Feb 23)
- Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
- Re: Is IDS/IPS worthless? Xiaoyong Wu (Feb 24)
- Re: Is IDS/IPS worthless? Michael Stone (Feb 25)
- Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
- Re: Is IDS/IPS worthless? Andy Cuff (Feb 23)
- Re: Is IDS/IPS worthless? Mike Hoskins (Feb 23)
- RE: Is IDS/IPS worthless? Martin (Feb 23)