Don't blame the IDS
Don Parker, 2007-11-09

Some years ago, I remember reading a press release from the Gartner Group. It was about intrusion detection systems (IDS) offering little return for the monetary investment in them and furthermore, that this very same security technology would be obsolete by the year 2005. A rather bold statement and an even bolder prediction on their part.

NSM == IDS++ 2007-11-26
Hanashi
Honestly, I just don't see how an organization of any size can really do without IDS at some level. True, there are limitations to IDS technology, but that's no reason to junk it. Instead, you can leverage other data sources to extend and enhance the core IDS. This is the premise of Network Security Monitoring (NSM). I've been involved in this for a few years now, and I can state firsthand that it's made a big improvement in our security posture. Not only have we vastly increased our detection of security incidents, but we also use the collected data to augment our incident handling process as well. We're using Sguil (http://www.sguil.net/) though that's not the only solution.

Copyright 2008, SecurityFocus