Don't blame the IDS
Don Parker, 2007-11-09

Some years ago, I remember reading a press release from the Gartner Group. It was about intrusion detection systems (IDS) offering little return for the monetary investment in them and, furthermore, that this very same security technology would be obsolete by the year 2005. A rather bold statement and an even bolder prediction on their part.

Don't blame the IDS 2007-11-10
Anonymous
Don't blame the IDS 2007-11-11
Param
Yes, let's blame the IDS 2007-11-12
assurbanipal (1 replies)
Re: Yes, let's blame the IDS 2007-11-13
Anonymous
Don't blame the IDS 2007-11-12
Gandalf
Don't blame the IDS 2007-11-12
Anonymous (1 replies)
Re: Don't blame the IDS 2007-11-13
Ryan Wegner
Don't blame the IDS 2007-11-13
Anonymous
Don't blame the IDS 2007-11-14
John Sloan (1 replies)
Yes, of course IDS is a pain to configure and to manage, and you need to have an analyst looking at it who can do more than tie their shoes and wave bye-bye.

But IDS is how you look at your network. If you don't have an IDS (or something that provides the equivalent functionality), you are not looking at your network and you cannot see what is happening.

Sure, we desperately need to have better event filtering, correlation, analysis and abnormality detection as well as whatever else can help to pull out useful information from the firehose of events that pours out of IDS, but IDS is the foundation: Without an IDS, you are NOT watching your network, and there are none so blind as those who will not see.

JS

Re: Don't blame the IDS 2007-11-17
Ari Takanen (Codenomicon)
Don't blame the IDS 2007-11-19
Anonymous
NSM == IDS++ 2007-11-26
Hanashi
Don't blame the IDS 2009-08-14
Anonymous

Copyright 2009, SecurityFocus