[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ISSForum] Gartner declares IDS obsolete by 2005



Aji Abraham wrote:

Hello,

I would like to have ISS Forum member's  commend on this.


http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci90596
1,00.html

That link doesn't seem to be working, but I assume it's the same as http://www.gartner.com/5_about/press_releases/pr11june2003c.jsp.

The press release has obviously been written by a PR person summarising a lot of reports into a few lines, and I'm sure that the people who wrote the original reports are probably grimacing, but I don't have access to these reports so I can't really say.

When you boil it all down, what they are saying is that IDS systems cost a lot and provide little benefit. This is certainly true in a lot of cases, where systems are dropped in with little thought and expected to magically solve all problems. But this is an implementation problem and not a problem with the technology itself. People don't put enough thought into how they are going to manage all the alerts that are now being generated. The same happened with firewalls when they were initially being deployed - people thought that just because they had one they were safe and didn't consider how they would manage them. Now the same is happening with IDS systems.

They seem to think that combining the IDS function with a firewall will somehow make it all suddenly work better, but I don't see how it can. The two are logically different functions. Whether they run on the same physical box or not is a performance issue, not a security one.

The real benefits of IDS sensors, or any other type of monitoring, come when you have the systems and processes in place to effectively manage the events they generate. As tools that do this well become available and effective, the value gained from the individual sensors installed will increase.


_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo