On Fri, Feb 27, 2009 at 10:26 AM, Jeff Kell <[email protected]> wrote: > "The day before a breach, the ROI is zero. The day after, it is > infinite." -- Dennis Hoffman, RSA
Actually I'd argue that if you have an IPS and you're breached, then the ROI is likely negative. Honestly, there are so many variables that go into the ROI (what product, it's quality, your risk profile, your baseline network traffic, etc) that saying because some other random company didn't find any value that you won't either is overly simplistic. How and where you deploy an IPS can dramatically affect the ROI. Of course, since resources aren't infinite there may be other things you can do which have a higher ROI then deploying/managing an IPS. -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin
