IDS: What Lies Ahead?

[InfoSec News <isn () c4i org>]

http://www.eweek.com/article2/0,3959,1124790,00.asp

By Dennis Fisher
June 11, 2003 

A research report saying that intrusion detection systems are outdated
and useless has angered some vendors who say that argument
deliberately ignores several key facts and discounts IDS' potential.

The anger stems from a press release that research firm Gartner Inc.  
sent out Wednesday. The release touts a recent report that concludes
that IDS systems are a complete failure and recommends that enterprise
IT managers take whatever money they have allocated for the technology
and redirect it toward firewalls.

"Intrusion detection systems are a market failure and vendors are now
hyping intrusion prevention systems, which have also stalled in the
marketplace," said Richard Stiennon, research vice president at
Gartner, based in Stamford, Conn. "Functionality is moving into
firewalls, which will perform deep packet inspection for content and
malicious traffic blocking, as well as antivirus activities."

That assessment is part of Gartner's Information Security Hype Cycle,
which assigns positions in the cycle to a variety of technologies. IDS
is among several technologies listed as "sliding into the trough."

Gartner's conclusions have many IDS vendors up in arms. "They're
advocating the removal of a layer of defense in-depth. They're saying
IDS can't get better. They're wrong on two counts," said Martin
Roesch, founder and CTO of Sourcefire Inc., based in Columbia, Md.,
which sells an IDS system based on the open-source Snort technology
that Roesch invented. "That's just ridiculous. They're basically
saying that the high-level audit function is useless and high-level
inspection is the only thing you need."

Other vendors disagree with Stiennon's statements about IDS, but say
his thoughts on the convergence of security functions in a single
device are accurate.

"The statement that IDS is dead and IPS is stillborn, that's all to
create emotion. We disagree with the statement that there's no value
in IDS," said Tim McCormick, vice president of marketing at Internet
Security Systems Inc. in Atlanta, which is in the process of rolling
out a line of security appliances that combine IDS, firewall and other
functions. "We built a $240 million business by inventing IDS. But the
underlying message about convergence is right on. You need all the
components. It's not whether IDS is better than a firewall. You need
them all."

The Gartner report asserts that IDS systems place too many demands on
networks and IT staffs and require far too much care and feeding to be
effective. Stiennon says that the new generation of firewalls that
combine both network and application-level protection are what
corporate networks really need.

Roesch dismisses this as hype. "I guess we had the intrusion
prevention craze and that lasted for about three months and now we
have intelligent firewalls," he said. "Proxy firewalls are dead. Long
live proxy firewalls."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.