Tuesday, January 25, 2022

Gartner pans current intrusion detection systems

Money slated for intrusion detection should be invested in firewalls, according to research firm Gartner, Inc. Gartner claims its Information Security Hype Cycle released in June shows that intrusion detection system (IDS) technology does not add an additional layer of security as promised by vendors. The company charges that in many cases, IDS implementation has proven to be a costly and ineffective investment.

Gartner recommends that enterprises redirect the money they would have spent on IDS toward defense applications such as those offered by thought-leading firewall vendors that offer both network-level and application-level firewall capabilities in an integrated product.

“Intrusion detection systems are a market failure, and vendors are now hyping intrusion prevention systems, which have also stalled,” noted Richard Stiennon, Gartner research vice president, in a company announcement. “Functionality is moving into firewalls, which will perform deep packet inspection for content and malicious traffic blocking, as well as anti-virus activities.”

According to the Gartner Information Security Hype Cycle research, IDSs create false positives and negatives resulting in a taxing incident-response process and an increased burden on the IS organization by requiring constant monitoring. Another downfall cited is an inability to monitor traffic at transmission rates greater than 600 megabits per second.

“Firewalls are the most-effective defense against cyberintruders on the network, and they are becoming increasingly better at blocking network-based attacks,” said Stiennon. “To be considered as a challenger, visionary or leader, a vendor must have both network-level and application-level firewall capabilities in an integrated product. Vendors that have only one or the other will be niche players.”

But firewalls alone, as we have known them, are not the answer, and recommending them could be misleading, counters Ric Walford, sales engineer for Advanced Technology Solutions at Network Associates Inc. in Canada.

Walford admits that “there is some truth that [for] IDSs as we know them, their useful life is coming to an end.” However, he adds that it is just a matter of naming “whether you call the successor product a firewall taking on the functionality of IDSs moving into the prevention side of the business or whether you take an IDS product and call it an IPS, an intrusion prevention product.”

He notes the traditional IDSs are often for PC-based platforms with standard operating systems or Linux operating systems and driven by general purpose processors. “They are fairly simplistic in terms of rules they can apply and therein lies some of the problems in terms of the number of false alerts that they get. With a traditional IDS, it is not unreasonable that you would get 20,000 alerts in a day. Many customers we talk to have that kind of issue. The problem is how do you sort through 20,000 alerts in a day and figure out the ones that are real?”

According to Walford, there is a new series of technologies geared around deep packet extension. “Some of that technology can exist in a firewall and some in what we would call next generation IDS.”

He also counters that while the role be
