Nice post.
How does one find out misconfigured Firewalls and NAT boxes using IPS?
Ravi
On Thu, Mar 5, 2009 at 9:01 AM, Joel M Snyder joel.sny...@opus1.com wrote:
Speaking to the roi, someone already observed that in at least one
environment it was concluded that patch management was addressing
Ravi Chunduru wrote:
Nice post.
How does one find out misconfigured Firewalls and NAT boxes using IPS?
Any box that has an unobstructed view of the contents of a network
segment or segments is potentially a great audit tool. Used properly,
the sniffer's perspective can tell you a hell of a lot
Jeremy Bennett wrote:
So, why do you consider it so far fetched that I might configure an IPS
not on a signature-by-signature basis but an application, resource, and
risk basis?
Application and resource I can understand. Risk basis defies me.
Activating or deactivating signatures by
You are right, about smart attackers vs unmotivated ignorant users. Seems
to me that the vast majority of attacks come from automated scripts.
These scripts might have been written by smart programmers, but it doesn't
take a smart attacker to use one.
Now the original victim environment in
] On
Behalf Of aditya mukadam
Sent: Wednesday, March 04, 2009 7:55 AM
To: focus-ids@securityfocus.com
Cc: Ravi Chunduru
Subject: Re: ROI on IDS/IPS products
It was felt that they did not find enough ROI to
justify 2 dedicated personnel to monitor and analyze IDS/IPS logs and
reports. It appears
Speaking to the roi, someone already observed that in at least one
environment it was concluded that patch management was addressing an
overlapping set of low hanging fruit and that therefore the ips was no
longer earning its keep.
As an interesting coincidence, I advised a client on that
It was felt that they did not find enough ROI to
justify 2 dedicated personnel to monitor and analyze IDS/IPS logs and
reports. It appears that no major incidents were detected by network
IPS devices. I also was told that these IPS devices are from industry
leaders.
I read the above with
I'm going to try this one more time and then just let it go. Just
because the current crop of products suck doesn't mean we need smarter
users.
On Mar 2, 2009, at 1:36 PM, Jack Whitsitt wrote:
I don't normally chime in here, but this seemed to warrant a response:
So, why do you consider
it. Do you
have any links to a white paper or anything with any details?
-Brandon
-Original Message-
From: listbou...@securityfocus.com [mailto:listbou...@securityfocus.com]
On Behalf Of Ray
Sent: Saturday, February 28, 2009 4:21 PM
To: focus-ids@securityfocus.com
Subject: Re: ROI on IDS/IPS
On Mon, Mar 2, 2009 at 3:09 PM, Jeremy Bennett jerem...@mac.com wrote:
On Mar 2, 2009, at 11:21 AM, Stefano Zanero wrote:
You assert that the customer 'WILL need to know damn well what they are
doing.' I assert that if the customer knew what they were doing to the
degree that you imply
Webmaster 003 wrote:
I think the easiest way would be to buy a device with a consulting
company doing the backend stuff. Then the user can stay fat and
happy, with a set monthly cost.
In my opinion, and in my experience, this doesn't work. Or, more importantly,
it works for people who
Bingo. Just ask Kaspersky what they would pay for having had an IPS product
installed (or a web application firewall) that could stop SQL Injection the
day before they got breached and their reputation took a big hit.
If you get breached and have to notify the people whose information you
industry
Discussion around the term ROI aside, your question should not have been
about ROI on IDS/IPS products, but rather about IDS/IPS
*deployments*.
You can have a great product that works really well (Snort comes to
mind), but deploy it completely wrong. While the ROI of the product
exists
Jeff Kell wrote:
The day before a breach, the ROI is zero. The day after, it is
infinite. -- Dennis Hoffman, RSA
If it wasn't going to be effective, then that's hardly an assertion you
can make... The threat environment evolves and it may well be that opex
was better spent elsewhere.
On Feb 27, 2009, at 4:17 PM, Frank Knobbe wrote:
I think too many people expect to buy an IDS/IPS off the shelf, read
the
manual, get it set up, and think the task is done. IDS/IPS boxes are
tricky and require expertise to properly configure and use. If that
expertise doesn't exist in your
:21 PM
To: focus-ids@securityfocus.com
Subject: Re: ROI on IDS/IPS products
Bingo. Just ask Kaspersky what they would pay for having had an IPS
product
installed (or a web application firewall) that could stop SQL Injection
the
day before they got breached and their reputation took a big hit
On Mar 2, 2009, at 11:21 AM, Stefano Zanero wrote:
Jeremy Bennett wrote:
This is a problem with the products, not the customers. The problem
being that there is still too much IDS thinking inside the IPS.
Funny, since an IPS is nothing more than an IDS that can drop
traffic ;-)
This is
I was talking to a junior security administrator working for a big
telecom company. He said something which is worrying. After a few
years of IPS deployment in a particular department, they decided to
remove IPS devices. It was felt that they did not find enough ROI to
justify 2 dedicated
The day before a breach, the ROI is zero. The day after, it is
infinite. -- Dennis Hoffman, RSA
Bejtlich does lots of writing around security ROI and whether ROI is
even an appropriate term when applied to security spending. Try this
link and have a read.
http://taosecurity.blogspot.com/search?q=roi
Marty
On Fri, Feb 27, 2009 at 12:08 PM, Ravi Chunduru
ravi.is.chund...@gmail.com wrote:
[mailto:listbou...@securityfocus.com]
On Behalf Of Martin Roesch
Sent: Friday, February 27, 2009 1:47 PM
To: Ravi Chunduru
Cc: Focus IDS
Subject: Re: ROI on IDS/IPS products
Bejtlich does lots of writing around security ROI and whether ROI is
even an appropriate term when applied
vis-a-vis
security. Personally I worked for one back in 2004 and I think it was quite
ahead at the time.
Cheers,
Santiago
--Original Message--
From: Jeremy Walczak
Sender: listbou...@securityfocus.com
To: Ravi Chunduru
To: Focus IDS
Subject: Re: ROI on IDS/IPS products
Sent: 27 Feb