I've been reading this article, and I can't understand their motivation for what they published: http://thewhir.com/marketwatch/gar061103.cfm

Gartner says that "Intrusion detection systems are a market failure" and that "Intrusion detection systems are a costly and ineffective investment that does not add an additional layer of security as promised by vendors."

Gartner's point is that to secure a system, flows should be blocked at the application layer (that's an Intrusion Prevention System): kind of a stateful firewall with enhanced connection tracking, nothing really new!!!

I fully disagree with the analysis because:
1- monitoring
Yes, an IDS does not directly protect a network,
Yes, an IDS can't log everything,
but it has a very important role: giving info to security admins without alerting the attacker. By using a firewall, many attack attempts will fail and be reported to admins, but one attempt can reach its goal and no admin will know about it, whereas an IDS could possibly cover it.

2- IDS diversity
IDSs are not simply Network Intrusion Detection Systems following rules and/or signatures, which is what Gartner seems to reduce the IDS field of action to.
There are many types of IDS:
- Network IDS:
  • Heuristic-based NIDS
  • Neural-network-based NIDS
  • Rule-based NIDS
  • Signature-based NIDS
  • Hybrid NIDS

- File system IDS (FIDS)
- Host IDS
- ...
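To make points 1 and 2 concrete, here is a toy NIDS that I have added as an illustration (it is not code from the original post or from any product). It shows two of the detection styles listed above side by side, a signature-based check and a heuristic (behavioural) check, run over a constructed set of packet records, next to a port-filter firewall that lets the malicious request straight through because it is on an allowed port. The packet records, signatures, thresholds and the firewall policy are all assumptions made up for this example.

```python
"""Toy NIDS: signature-based vs heuristic detection next to a port firewall.

Added example, not code from the original post. All packets, signatures and
thresholds below are constructed for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float      # seconds, constructed
    src: str
    dst: str
    dport: int
    payload: bytes


# --- Firewall: a plain port filter, does not look at content ---------------
def firewall_allows(p, allowed_ports=(80, 443)):
    """Assumed policy: web ports are open to everyone, all else is dropped."""
    return p.dport in allowed_ports


# --- Signature-based NIDS: match known-bad byte patterns -------------------
SIGNATURES = {                      # constructed, not a real rule set
    "path-traversal": b"../../",
    "cmd-injection": b"; cat /etc/passwd",
}


def signature_alerts(packets):
    """Return (ts, src, signature_name) for every payload hitting a signature."""
    alerts = []
    for p in packets:
        for name, pattern in SIGNATURES.items():
            if pattern in p.payload:
                alerts.append((p.ts, p.src, name))
    return alerts


# --- Heuristic NIDS: no pattern at all, only behaviour ---------------------
def heuristic_alerts(packets, window=30.0, threshold=10):
    """Flag a (src, dst) pair once it touches >= threshold distinct ports
    within `window` seconds: a crude port-scan heuristic."""
    alerts = []
    history = defaultdict(list)     # (src, dst) -> [(ts, dport), ...]
    flagged = set()
    for p in sorted(packets, key=lambda x: x.ts):
        key = (p.src, p.dst)
        hist = history[key]
        hist.append((p.ts, p.dport))
        # forget events that fell out of the sliding window
        while hist and hist[0][0] < p.ts - window:
            hist.pop(0)
        distinct_ports = {dport for _, dport in hist}
        if len(distinct_ports) >= threshold and key not in flagged:
            flagged.add(key)
            alerts.append((p.ts, p.src, "port-scan"))
    return alerts


# --- Constructed traffic ---------------------------------------------------
SAMPLE = [
    # normal web request
    Packet(0.0, "10.0.0.5", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    # traversal attempt on the same allowed port: firewall says yes
    Packet(1.0, "10.0.0.5", "192.0.2.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
] + [
    # a scanner walking ports 20..31, one per second; empty SYN payloads
    Packet(2.0 + i, "198.51.100.7", "192.0.2.10", 20 + i, b"")
    for i in range(12)
]


def analyse(packets):
    """Summarise what the firewall passes vs what each detector reports."""
    passed = [p for p in packets if firewall_allows(p)]
    return {
        "passed_firewall": len(passed),
        "signature": signature_alerts(packets),
        "heuristic": heuristic_alerts(packets),
    }


if __name__ == "__main__":
    for k, v in analyse(SAMPLE).items():
        print(k, v)
```

Running it, the firewall passes both port-80 packets, including the traversal attempt, and logs nothing about them; the signature detector flags that one request, and the heuristic detector flags the scanner once it reaches its tenth distinct port, even though none of the scan packets ever matched a signature. A hybrid NIDS is simply both checks feeding one alert queue.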

OK, sorry, I'm a bit upset by reading such a Middle Ages point of view.