Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
mrothschild

“IDS Is Dead” – Oh Really?!?

by Juniper Employee on ‎03-13-2009 09:56 AM

Several years ago, Gartner released a study that definitively proclaimed "IDS is Dead"! Within hours, battle lines were drawn. There were reports that affirmed Gartner's claim and there were reports that also vehemently refuted this assertion. The two schools of thought fought a valiant battle of ink with really no proclaimed winner.

That was then, and this is now. Several years after this epic battle, can we proclaim a winner? Looking at market reports it is undeniable that the amount of Intrusion Detection devices being sold is in decline while conversely the amount of Intrusion Prevention devices sold are on the increase. At first blush this supports the seemingly prolific assertion made by Gartner several years ago that IDS indeed in a slow but unavoidable decline.

But with the deployment of IPSs an interesting phenomenon has taken place. When visiting customers I try to learn "how" they are using their IPS. In more than 50% of the cases (keep in mind this is a non-scientific study) the customers I visited do not have the IPS taking any automated action whatsoever. No blocking or rerouting, just alerting. One financial services company confided in me that the only time they turn on automated actions when the "compliance auditors are in town".

Many reasons are cited as to why my surveyed companies do not turn on automated actions. They include:

·        Well, this is the way we always did it.

·        It will be a career limiting move to close out the wrong person at the wrong time for the wrong reason because of a false positive that the system may pick up

·        I do not trust the system to take action without me confirming the action with me

And while these concerns are all valid, much of the market has de-facto deployed IPS devices to NOT take action, effectively making them a detection only device (read IDS)! With the advances in security technology today, many of the aforementioned concerns associated with automated actions can be largely eliminated, while also saving cost. The tide is beginning to turn and companies are starting to deploy security with automated actions when suspect traffic is detected. However until the prevention portion of IPS goes mainstream, IDS remains alive and well, and IDSs will live to fight another day.

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Erin K. Banks
Senior Technical Marketing Manager

Profile | Subscribe

Ajay Bharadwaj
Product Manager

Profile | Subscribe

Michael Callahan
Vice President
Product Marketing

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Mora Gozani
Senior Manager
Product Marketing

Profile | Subscribe

Ashur Kanoon
Sr. Manager
Technical Marketing

Profile | Subscribe

Seema Kathuria
Manager
Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director
Product Management

Profile | Subscribe

Dave Killion
Software Engineer

Profile | Subscribe

Rebecca Lawson
Senior Director
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Erin O'Malley
Manager
Product Marketing

Profile | Subscribe

Galina Pildush
Strategy & Planning
Architect

Profile | Subscribe

Edward Roberts
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Troy Vennon
Software Engineer

Profile | Subscribe

Brad Woodberg
Product Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.