Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [ISSForum] Gartner declares IDS obsolete by 2005
From: Darryl Luff (dluffiitscdm.com.au)
Date: Wed Jun 18 2003 - 22:01:35 CDT
Aji Abraham wrote:
>I would like to have ISS Forum member's commend on this.
That link doesn't seem to be working, but I assume it's the same as
The press release has obviously been written by a PR person summarising
a lot of reports into a few lines, and I'm sure that the people who
wrote the original reports are probably grimacing, but I don't have
access to these reports so I can't really say.
When you boil it all down, what they are saying is that IDS systems cost
a lot and provide little benefit. This is certainly true in a lot of
cases, where systems are dropped in with little thought and expected to
magically solve all problems. But this is an implementation problem and
not a problem with the technology itself. People don't put enough
thought into how they are going to manage all the alerts that are now
being generated. The same happened with firewalls when they were
initially being deployed - people thought that just because they had one
they were safe and didn't consider how they would manage them. Now the
same is happening with IDS systems.
They seem to think that combining the IDS function with a firewall will
somehow make it all suddenly work better, but I don't see how it can.
The two are logically different functions. Whether they run on the same
physical box or not is a performance issue, not a security one.
The real benefits of IDS sensors, or any other type of monitoring, come
when you have the systems and processes in place to effectively manage
the events they generate. As tools that do this well become available
and effective, the value gained from the individual sensors installed
ISSForum mailing list
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo