Bejtlich does lots of writing around security ROI and whether ROI is even an appropriate term when applied to security spending. Try this link and have a read.
http://taosecurity.blogspot.com/search?q=roi Marty On Fri, Feb 27, 2009 at 12:08 PM, Ravi Chunduru <[email protected]> wrote: > I was talking to a junior security administartor working for a big > telecom company. He said something which is worrying. After few > years of IPS deployment in particular department, they decided to > remove IPS devices. It was felt that they did not find enough ROI to > justify 2 dedicated personnel to monitor and analyze IDS/IPS logs and > reports. It apperas that no major incidents were detected by network > IPS devices. they felt that signature coverage is either poor or not > timely. i also was told that these IPS devices are from industry > leaders. > > Can you share your experiences? Any examples of successful detection > and prevention of major attacks and penetration by IPS devices. > > Thanks > Ravi > > > -- Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Security for the Real World - http://www.sourcefire.com Snort: Open Source IDP - http://www.snort.org
