Some of you have probably seen this. It's been all over the news and elsewhere.

http://www.informationweek.com/shared/printableArticle.jhtml?articleID=10300918

------------
EXCERPT from article

Intrusion-detection systems - software that attempts to spot and report attacks against information systems - will no longer be a defense in the information security pro's arsenal by 2005. That's the prediction coming out of research firm Gartner.

"IDS as a security technology is going to disappear," says Richard Stiennon, a Gartner research director.

Stiennon contends that organizations are going to so successfully harden their internal systems that the "burglar-alarm" service intrusion-detection systems provide will no longer be necessary. "Imagine a world where there are no intrusions," he says.
------------

This is another example of some of the misinformation that is getting out there about IDS/IPS technologies. Hardening systems and using IPS are a great way to stop attacks. But without some kind of monitoring, you simply cannot be sure. This is like removing the camera from a bank because the bank buys a really nice vault and puts great locks on the front doors.

While I would like to imagine a world where there are no intrusions, I don't think that world is coming any time soon. However, I am certain that without monitoring, you'd never know if there WAS an intrusion. Hence, there is a certain absurdist logic here: "We have no IDS, our systems work, so we must be safe." Riiiiight.

Personally, I think Gartner's report is more a product of poor IDS implementation and management. In the rush to get an IDS, many organizations do not take the time or effort to properly integrate, tune, and manage the system. As such, the system produces a ton of alerts, which quickly get ignored.

Also, IPS has a place and I am a big advocate for it; the idea that IDS will disappear is absurd. Any decent "defense in depth" strategy must consider multiple points of monitoring and response. IDS is merely one piece of the puzzle. A valuable piece (when it's used properly).

Anyway, Anitian published a response on our web site:

http://www.anitian.com/corp/papers/Gartner%20Response.pdf

Curious to hear other reactions.

___________________________________
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation
Enterprise Security & Infrastructure Solutions
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
___________________________________
This archive was generated by hypermail 2b30 : Mon Jun 23 2003 - 18:59:06 PDT