RE: Recent Gartner IDS/IPS report

[Avi Chesla <avic () V-Secure com>]

Hi,

I agree with Gartner's statement, that the next generation of security
products will integrate automatic prevention capabilities into their
systems. This is already happening (IPS - Intrusion Prevention Systems) and
my opinion is that this reflects the market's needs currently and in the
future.

Why is that?

The increasing value of the Internet have raised the demands for faster
security solutions and, most importantly, automatic active devices that can
provide proper countermeasures to the attacks.  Due to the speed and
frequency of attack methods, these devices must also be able to execute
defensive actions without human intervention in minimum time. The majority
of Internet connected organizations do not have the necessary time or
resources to properly analyze security reports, implement necessary
countermeasures and execute them.   If the organization's Internet
infrastructure and applications aren't easily accessible or are difficult to
use, the customers who expect to get fast and reliable online services will
simply find another available service (usually from a competing
organization). 
Human decisions and actions take time and, in a world dominated by fast
hardware and communication lines, some of the decisions and countermeasures
will have to be done automatically by the security devices in order to avoid
losing customers.

It is not clear however, what Gartner means by saying that firewalls (with
more security functionalities - network and applications protections) will
replace the IDS products. Intrusion analysis is an entirely different
technology than the technology which is associated with current firewalls
products. Integrating both technologies in the same product is possible and
it seems that this is what Gartner was intending to explain, unsuccessfully.

      
Although it might upset some vendors, if automatic prevention is what the
market wants, it is a fact that the current IDS products which are
associated with an excessive amount of false positives, will not be able to
provide.  

Avi Chesla



-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------