IDS mailing list archives

RE: Network IDS


From: Steffen Kluge <kluge () fujitsu com au>
Date: Fri, 22 Aug 2003 12:04:20 +1000

On Wed, 2003-08-20 at 05:52, Robert.Lupo () nokia com wrote:
> I have seen time and time again people buying a product, getting
> vendor training and then viewing the logs and thinking "wo ho! I have
> IDS!" but do you know how to write your own rules, signatures, analyze
> the traffic for what your company needs?

If they don't then that "woohoo!" will quickly turn into a "curse that
wretched IDS!". The system will swamp them with logs, the sheer amount
of which will make it near impossible to spot the interesting bits among
the noise. In the end they will concede that the whole IDS idea was an
expensive flop.

I believe this is part of the sentiment the Gartner article reflects.

Of course, commercial NIDS vendors have only themselves to blame for
this backlash. While they were busy grabbing a slice of the market the
new IDS buzzword created, they neglected (or forgot, or avoided) to tell
customers that IDS is a tool that's only useful in skilled hands.

Cheers
Steffen.
