IDS mailing list archives

Recent anti-NIDS Gartner article


From: Ron Gula <rgula () tenablesecurity com>
Date: Sat, 14 Jun 2003 23:04:17 -0400

Gartner has the basic point right, that NIDS are time-consuming and
don't automatically stop attacks, but their facts and conclusions
are all wrong.

- Most large organizations don't even look at their firewall logs
- if NIDS have failed us, then Gartner should have lumped in the
  ESM/SIM guys which are primarily NIDS correlation tools
- the article will cause NIDS vendors to quickly rename their
  products as 'NIPS' or 'Defensive' systems which will confuse
  the less sophisticated buying public

Bottom line: I think the article will have an acceleration on the
demise of the CSO role and the idea of a separated 'security'
staff. Firewalls used to be run by the security guys, now it is
the network engineering folks. Virus was run by security as well
until it went to IT. Now if the FW guys can do something close
to IDS, why have an expensive group of security analysts around?

Ron Gula, CTO
Tenable Network Security

