
Thread: gartner.com IDS market analysis - idiots!!!

  1. #1
    Senior Member
    Join Date
    Nov 2002
    Posts
    382

    gartner.com IDS market analysis - idiots!!!

    I've been reading the article linked here, and I can't understand their motivation for what they published: http://thewhir.com/marketwatch/gar061103.cfm

    Gartner says that "Intrusion detection systems are a market failure" and that "Intrusion detection systems are a costly and ineffective investment that does not add an additional layer of security as promised by vendors."

    Gartner's point is that, to secure a system, flows shall be blocked at the application layer (that's an Intrusion Prevention System). Kind of a stateful firewall with enhanced connection tracking, nothing really new!!!

    I fully disagree with the analysis because:
    1- monitoring
    Yes, an IDS does not directly protect a network,
    Yes, an IDS can't log everything,
    but it has a very important field: giving info to security admins without alerting the attacker. By using a firewall, many attack attempts will fail and be reported to admins, but one attempt can reach its goal and no admins will know about it, where an IDS could possibly cover it.

    2- IDS diversity
    IDS are not simply a Network Intrusion Detection System following rules and/or signatures, as Gartner seems to reduce the IDS field of action to.
    There are many types of IDS:
    - Network IDS:
    • Heuristic based NIDS
    • Neuronal based NIDS
    • rule based NIDS
    • signature based NIDS
    • hybrid based NIDS

    - File system IDS (FIDS)
    - Host IDS
    - ...

    OK, sorry, I'm a bit upset from reading such a middle-age point of view.
    SHARING KNOWLEDGE

  2. #2
    Junior Member
    Join Date
    Jul 2002
    Posts
    18
    Gartner tries to influence the IT market. For the dot.com, they succeeded, until the balloon exploded. Most of the time they are late or inaccurate. It's likely they live in an ivory tower!

    For the IDS part... An IDS is my eyes on the network, like the events log!!! Without it, I'm blind! On the other hand, I'm not sure I will pay the price asked by the IDS vendor, far too expensive. I turn to open source Snort.

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Before you jump all over middle agers remember most of them working in security prefer to use also this is just business analysts sticking their noses where it doesn't belong.
    Remember Gartner is a shill for Microsoft and is mostly responsible for MS domination of the business market (they talk to upper management that listens for some reason, who then push MS on IT). If Gartner is bashing IDS in favor of IPS (not a new idea but a new name for it) you better be prepared for the MS IPS to roll out soon.

    Originally posted here by forn28

    For the IDS part... An IDS is my eyes on the network, like the events log!!! Without it, I'm blind! On the other hand, I'm not sure I will pay the price asked by the IDS vendor, far too expensive. I turn to open source Snort.
    Oh ya, I had let Snort slip my mind... now we see the reason: IDS is dominated by open source, so of course it is worthless in the eyes of Gartner.
    Who is more trustworthy than all of the gurus or Buddhas?

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Gartner tends to say stuff we techies just don't get. Unfortunately a lot of managers believe anything and everything Gartner proclaims.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Jaded Network Admin
    Join Date
    Jun 2002
    Posts
    1,356
    Yes, an IDS can't log everything,
    Wrong, Niksun NetDetector does. It can take new signatures and retroactively deploy them, reconstruct sessions, showing all commands, files that were uploaded, etc... Waaaay cool... You of course pay dearly for it, but nice...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  6. #6
    Junior Member
    Join Date
    Jun 2003
    Posts
    2

    m&m networks...

    From my point of view, the problem with Gartner's position is that it would create a network that is like an m&m... hard on the outside, soft on the inside. IIRC, the vast majority of "break-ins" are inside jobs. If you have an IDS on the inside of the network (as I believe you should -- along with one on the outside), you'll have some idea of what is going on.

    Besides, if someone breaks the firewall, how are you supposed to know if you don't have an IDS?

  7. #7
    Senior Member
    Join Date
    Nov 2002
    Posts
    382

    Angry

    I didn't know Gartner, and from now on I understand their motivation, thanks to you guys!

    I hate those guys that try to abuse the system on which they make business! The internet and especially TCP/IP design relied on a utopia: a networking community that will share code and information for the good of mankind!

    That was a bit naive, we can see that with the billions of security issues, but thanks to *nix, and especially Linux, the true spirit is still there!

    I will never be grateful enough to Linux premium designers for saving the internet spirit (thanks, men)!

    In my business from now on I'll be wiser with Gartner - they are a pain in the ass.

    The IP community will survive!
    SHARING KNOWLEDGE
