[ISN] IDS: What Lies Ahead?

From: InfoSec News (isnat_private)
Date: Thu Jun 12 2003 - 00:40:20 PDT


    http://www.eweek.com/article2/0,3959,1124790,00.asp
    
    By Dennis Fisher
    June 11, 2003 
    
    A research report saying that intrusion detection systems are outdated
    and useless has angered some vendors who say that argument
    deliberately ignores several key facts and discounts IDS' potential.
    
    The anger stems from a press release that research firm Gartner Inc.  
    sent out Wednesday. The release touts a recent report that concludes
    that IDS systems are a complete failure and recommends that enterprise
    IT managers take whatever money they have allocated for the technology
    and redirect it toward firewalls.
    
    "Intrusion detection systems are a market failure and vendors are now
    hyping intrusion prevention systems, which have also stalled in the
    marketplace," said Richard Stiennon, research vice president at
    Gartner, based in Stamford, Conn. "Functionality is moving into
    firewalls, which will perform deep packet inspection for content and
    malicious traffic blocking, as well as antivirus activities."
    
    That assessment is part of Gartner's Information Security Hype Cycle,
    which assigns positions in the cycle to a variety of technologies. IDS
    is among several technologies listed as "sliding into the trough."
    
    Gartner's conclusions have many IDS vendors up in arms. "They're
    advocating the removal of a layer of defense in-depth. They're saying
    IDS can't get better. They're wrong on two counts," said Martin
    Roesch, founder and CTO of Sourcefire Inc., based in Columbia, Md.,
    which sells an IDS system based on the open-source Snort technology
    that Roesch invented. "That's just ridiculous. They're basically
    saying that the high-level audit function is useless and high-level
    inspection is the only thing you need."
    
    Other vendors disagree with Stiennon's statements about IDS, but say
    his thoughts on the convergence of security functions in a single
    device are accurate.
    
    "The statement that IDS is dead and IPS is stillborn, that's all to
    create emotion. We disagree with the statement that there's no value
    in IDS," said Tim McCormick, vice president of marketing at Internet
    Security Systems Inc. in Atlanta, which is in the process of rolling
    out a line of security appliances that combine IDS, firewall and other
    functions. "We built a $240 million business by inventing IDS. But the
    underlying message about convergence is right on. You need all the
    components. It's not whether IDS is better than a firewall. You need
    them all."
    
    The Gartner report asserts that IDS systems place too many demands on
    networks and IT staffs and require far too much care and feeding to be
    effective. Stiennon says that the new generation of firewalls, which
    combine network- and application-level protection, is what corporate
    networks really need.
    
    Roesch dismisses this as hype. "I guess we had the intrusion
    prevention craze and that lasted for about three months and now we
    have intelligent firewalls," he said. "Proxy firewalls are dead. Long
    live proxy firewalls."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    



    This archive was generated by hypermail 2b30 : Thu Jun 12 2003 - 03:09:00 PDT