FW: Cost of Worm Attack Protection

Rob Thomas robt at cymru.com
Thu Nov 13 20:56:20 UTC 2003

Hi, NANOGers.

] The old saying of "you get what you pay for" seems to be well directed when
] it comes to this topic.  If you're willing to allocate $100K more than you
] currently spend to mitigating the effects from Worms and Viruses, I'm sure
] you will have some increased success.  If you allocate 1 mill more, your
] success will increase substantially.  The true cost really boils down to

This sort of thinking, unsupported by any data, runs rampant in
the security industry.  I have yet to see anyone document the
ROI on security tools and services.  Do they help at all?  Does
an increase in security spending result in a decrease in pain?
In some cases, as already documented here, an increase in
security measures can actually increases costs.

Let's not fall into the trap that more $$$ equates to greater
security or awareness.  I've seen many sites that installed
numerous pods of the latest IDS at their borders, only to be
owned from within or owned by a method not yet in the
ever-behind signature database of the IDS devices.  One can
waste money on security just as easily as one can waste money
on anything else.

Rob Thomas
ASSERT(coffee != empty);

More information about the NANOG mailing list