FW: Cost of Worm Attack Protection
robt at cymru.com
Thu Nov 13 20:56:20 UTC 2003
] The old saying of "you get what you pay for" seems to be well directed when
] it comes to this topic. If you're willing to allocate $100K more than you
] currently spend to mitigating the effects from Worms and Viruses, I'm sure
] you will have some increased success. If you allocate 1 mill more, your
] success will increase substantially. The true cost really boils down to
This sort of thinking, unsupported by any data, runs rampant in
the security industry. I have yet to see anyone document the
ROI on security tools and services. Do they help at all? Does
an increase in security spending result in a decrease in pain?
In some cases, as already documented here, an increase in
security measures can actually increases costs.
Let's not fall into the trap that more $$$ equates to greater
security or awareness. I've seen many sites that installed
numerous pods of the latest IDS at their borders, only to be
owned from within or owned by a method not yet in the
ever-behind signature database of the IDS devices. One can
waste money on security just as easily as one can waste money
on anything else.
ASSERT(coffee != empty);
More information about the NANOG