I was talking to a junior security administartor working for a big telecom company. He said something which is worrying. After few years of IPS deployment in particular department, they decided to remove IPS devices. It was felt that they did not find enough ROI to justify 2 dedicated personnel to monitor and analyze IDS/IPS logs and reports. It apperas that no major incidents were detected by network IPS devices. they felt that signature coverage is either poor or not timely. i also was told that these IPS devices are from industry leaders.
Can you share your experiences? Any examples of successful detection and prevention of major attacks and penetration by IPS devices. Thanks Ravi
