-
June 12th, 2003, 02:36 PM
#1
gartner.com IDS market analysis - idiots!!!
I've been reading the following article, and I can't understand their motivation for what they published: http://thewhir.com/marketwatch/gar061103.cfm
Gartner says that "Intrusion detection systems are a market failure" and that "Intrusion detection systems are a costly and ineffective investment that does not add an additional layer of security as promised by vendors."
Gartner's point is that, to secure a system, flows shall be blocked at an application layer (that's an Intrusion Prevention System). Kinda a stateful firewall with enhanced connection tracking, nothing really new!!!
I fully disagree with the analysis because:
1- monitoring
Yes, an IDS does not directly protect a network,
Yes, an IDS can't log everything,
but it has a very important field: giving info to security admins without alerting the attacker. By using a firewall, many attack attempts will fail and be reported to admins, but one attempt can reach its goal & no admins will know about it, where an IDS could possibly cover it.
2- IDS diversity
IDS are not simply a Network Intrusion Detection System following rules and/or signatures, as Gartner seems to reduce the IDS field of action to.
There are many types of IDS:
- Network IDS:
  - Heuristic based NIDS
  - Neuronal based NIDS
  - rule based NIDS
  - signature based NIDS
  - hybrid based NIDS
- File system IDS (FIDS)
- Host IDS
- ...
OK, sorry, I'm a bit upset by reading such a middle-age point of view.
SHARING KNOWLEDGE
-
June 12th, 2003, 02:52 PM
#2
Junior Member
Gartner tries to influence the IT market. For the dot.com, they succeeded, until the balloon exploded. Most of the time they are late or inaccurate. It's likely they live in an ivory tower!
For the IDS part... An IDS is my eyes on the network, like the event log!!! Without it, I'm blind! On the other hand, I'm not sure I will pay the price asked by the IDS vendors, far too expensive. I turn to open source Snort.
-
June 12th, 2003, 02:53 PM
#3
Before you jump all over middle-agers, remember most of them working in security prefer to use also this is just business analysts sticking their noses where it doesn't belong.
Remember Gartner is a shill for Microsoft and is mostly responsible for MS domination of the business market (they talk to upper management that listens for some reason, who then push MS on IT). If Gartner is bashing IDS in favor of IPS (not a new idea but a new name for it), you better be prepared for the MS IPS to roll out soon.
Originally posted here by forn28
For the IDS part... An IDS is my eyes on the network, like the event log!!! Without it, I'm blind! On the other hand, I'm not sure I will pay the price asked by the IDS vendors, far too expensive. I turn to open source Snort.
Oh ya, I had let Snort slip my mind... now we see the reason: IDS is dominated by open source, so of course it is worthless in the eyes of Gartner.
Who is more trustworthy than all of the gurus or Buddhas?
-
June 12th, 2003, 04:37 PM
#4
Gartner tends to say stuff we techies just don't get. Unfortunately a lot of managers believe anything and everything Gartner proclaims.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
June 12th, 2003, 04:48 PM
#5
Yes, an IDS can't log everything,
Wrong, Niksun NetDetector does. It can take new signatures and retroactively deploy them, reconstruct sessions, showing all commands, files that were uploaded, etc... Waaaay cool... You of course pay dearly for it, but nice...
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
June 13th, 2003, 08:55 AM
#6
Junior Member
m&m networks...
From my point of view, the problem with Gartner's position is that it would create a network that is like an m&m... hard on the outside, soft on the inside. IIRC, the vast majority of "break-ins" are inside jobs. If you have an IDS on the inside of the network (as I believe you should -- along with one on the outside), you'll have some idea of what is going on.
Besides, if someone breaks the firewall, how are you supposed to know if you don't have an IDS?
-
June 13th, 2003, 09:28 AM
#7