IDS mailing list archives
RE: Is IDS/IPS worthless?
From: "Andrew Plato" <aplato () anitian com>
Date: Tue, 24 Feb 2004 10:52:18 -0800
First, thank you to everybody who has replied on and off list to this issue. Lots of great ideas.

After reading all these responses I've come to the conclusion that the key problem with IDS/IPS seems to be education (or mis-education). People have a lot of inaccurate or incomplete data about IPS/IDS in the general public (not here on the list). And they base their opinions on the effectiveness of these technologies on that faulty information.

For example, there is an infosec "celebrity" I see occasionally who repeatedly tells a story about ONE company he visited where they left their IDS unused, sitting on a shelf. That story has taken on a life of its own. People now use that story as justification for why IPS/IDS isn't worth the investment. What this celebrity fails to mention is the reason people leave IDS/IPS on a shelf: inexperience. Either the IT team failed to implement the IDS/IPS properly or the reseller/vendor misrepresented its capabilities or implementation challenges.

As such, I think Gartner is really just echoing what a lot of people believe. IDS is dead because it's consistently implemented and used incorrectly. And thus, people think IDS is useless because the person before them refused to learn how to make an IPS/IDS effective.

It's a positive feedback loop of sorts.

1. Vendors over-sell their products' capabilities and/or resellers fail to educate their customers.
2. The products are improperly implemented and/or used.
3. These failures spread via "celebrity" stories and "research" reports.
4. A valuable technology gains a stigma of ineffectiveness when in reality the problem is an education failure.

This is my interpretation of the problem. Does anybody agree with this? Or am I being a moron and missing something obvious?
___________________________________
Andrew Plato, CISSP
President/Principal Consultant
ANITIAN ENTERPRISE SECURITY
3800 SW Cedar Hills Blvd, Suite 298
Beaverton, OR 97005
503-644-5656 Office
503-214-8069 Fax
503-201-0821 Mobile
www.anitian.com
___________________________________
GPG fingerprint: 16E6 C5B0 B6CB F287 776E E9A9 AF47 9914 3582 633D
GPG public key available at: http://www.anitian.com/corp/keys.htm
___________________________________