Intrusion detection should be a function, not a product

Intrusion detection’s permanent placement in the Trough of Disillusionment of the Gartner Hype Cycle for Information Security does not mean that it is obsolete. Intrusion detection should be incorporated into other products instead of being implemented as a stand-alone product.

A flood of questions

In a recent report, “Hype Cycle for Information Security, 2003,” Gartner stated that “intrusion detection systems are a market failure. Vendors are now hyping intrusion prevention systems, which also have stalled. The functionality is moving into firewalls, which will perform deep packet inspection for content and malicious traffic blocking, as well as antivirus activities.” Although this statement was supported by recent research, it generated a barrage of questions from Gartner clients:

Should I simply not try to detect network intrusions?

You should continue to detect intrusions. However, you shouldn’t invest in stand-alone, network-based intrusion detection systems (IDSs). Network-based IDSs suffer from two major shortcomings:

Too many “false alarms” occur

Without extensive, continual tuning, network-based IDSs generate thousands of alerts for every actual attack detected.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.