The old saying of "you get what you pay for" seems to be well directed when it comes to this topic. If you're willing to allocate $100K more than you currently spend to mitigating the effects from Worms and Viruses, I'm sure you will have some increased success. If you allocate 1 mill more, your success will increase substantially. The true cost really boils down to what you are trying to protect, such as how many servers, users, network segments, and other critical devices you are willing to encompass in your protection plan. Also, you may be able to mitigate the cost by using the functionality built into devices you may already own. A good protection schema needs to address the use and benefits from the following: Firewalls, VPN tunnels and policies, HIDs, NIDs, Antivirus software, and a good network security policy that grows with your network. You may already have most of this in place and need only a little extra funding allocated to give you the protection level you feel comfortable with. If you're looking for pricing on each component, they will vary widely depending on the brand and model you go with. You should shop around for components that suit your budget. An example of this price variance can be found by looking at a Net Forensics project priced at $500k compared to a similar solution going will Network Intelligence at $40K. The Network Intelligence solution may not have all the functionality offered by Net Forensics, but it may be enough for your needs. Best of luck in fighting this ever growing problem, Mike Braun -----Original Message----- From: sgorman1@gmu.edu [mailto:sgorman1@gmu.edu] Sent: Thursday, November 13, 2003 7:59 AM To: Joel Jaeggli Cc: nanog@merit.edu Subject: Re: Cost of Worm Attack Protection Good point - then what is the cost of attempting to mitigate or handle attacks vs. doing nothing? ----- Original Message ----- From: Joel Jaeggli <joelja@darkwing.uoregon.edu> Date: Thursday, November 13, 2003 10:14 am Subject: Re: Cost of Worm Attack Protection
I haven't seen any network or customer site that has protected itself from worms... only mitigated them.
joelja
On Thu, 13 Nov 2003 sgorman1@gmu.edu wrote:
I was hoping to get some estimates from folks on the costs of
defending> networks from various worm attacks. It is a pretty wide open question,
but if anyone has some rough estimates of what it costs per edge, manpower vs. equipment costs, or any combination thereof it would be of great assistance. We are doing some simulations of attack and defense> strategies and looking for some good metrics to plug into a cost benefit model. We'd be happy to share the results if anyone is interested as well.
Thanks in advance,
sean
-- ------------------------------------------------------------------- ------- Joel Jaeggli Unix Consulting joelja@darkwing.uoregon.edu GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
"MMS <firstam.com>" made the following annotations on 11/13/2003 12:03:21 PM ------------------------------------------------------------------------------ "THIS E-MAIL MESSAGE AND ANY FILES TRANSMITTED HEREWITH, ARE INTENDED SOLELY FOR THE USE OF THE INDIVIDUAL(S) ADDRESSED AND MAY CONTAIN CONFIDENTIAL, PROPRIETARY OR PRIVILEGED INFORMATION. IF YOU ARE NOT THE ADDRESSEE INDICATED IN THIS MESSAGE (OR RESPONSIBLE FOR DELIVERY OF THIS MESSAGE TO SUCH PERSON) YOU MAY NOT REVIEW, USE, DISCLOSE OR DISTRIBUTE THIS MESSAGE OR ANY FILES TRANSMITTED HEREWITH. IF YOU RECEIVE THIS MESSAGE IN ERROR, PLEASE CONTACT THE SENDER BY REPLY E-MAIL AND DELETE THIS MESSAGE AND ALL COPIES OF IT FROM YOUR SYSTEM." ==============================================================================
On Thu, 13 Nov 2003, Braun, Mike wrote:
The old saying of "you get what you pay for" seems to be well directed when it comes to this topic. If you're willing to allocate $100K more than you currently spend to mitigating the effects from Worms and Viruses, I'm sure you will have some increased success. If you allocate 1 mill more, your success will increase substantially. The true cost really boils down to
Actually that is not true. There is substantial evidence that spending more does not change behavor when it comes to worms. Offering anti-virus software, firewalls, consulting, email, telephone calls, letters, etc have the exact same impact as doing nothing on the average ISP consumer. As Jared points out, doing "more" substantially increases the support costs for ISPs and doesn't reduce the number or severity of worms. On the other hand, individuals can have a dramatic impact on the security of his or her own computer. Unfortunately, computer security is a bit like the light bulb joke. How many psychologists does it take to change a light bulb? One, but the light bulb has to want to change.
Hi, NANOGers. ] The old saying of "you get what you pay for" seems to be well directed when ] it comes to this topic. If you're willing to allocate $100K more than you ] currently spend to mitigating the effects from Worms and Viruses, I'm sure ] you will have some increased success. If you allocate 1 mill more, your ] success will increase substantially. The true cost really boils down to This sort of thinking, unsupported by any data, runs rampant in the security industry. I have yet to see anyone document the ROI on security tools and services. Do they help at all? Does an increase in security spending result in a decrease in pain? In some cases, as already documented here, an increase in security measures can actually increases costs. Let's not fall into the trap that more $$$ equates to greater security or awareness. I've seen many sites that installed numerous pods of the latest IDS at their borders, only to be owned from within or owned by a method not yet in the ever-behind signature database of the IDS devices. One can waste money on security just as easily as one can waste money on anything else. Thanks, Rob. -- Rob Thomas http://www.cymru.com ASSERT(coffee != empty);
participants (3)
-
Braun, Mike -
Rob Thomas -
Sean Donelan