News Focus
Closing the security gap
RSA Conference
Analyst Mike Rasmussen of Giga agreed: "75 percent of IDS installations were failures," he said, blaming a failure to allocate enough resources to weed out the false positives, where the IDS issues a false alarm. But intrusion prevention--where systems are designed to respond automatically to prevent an attack having any effect -- is not necessarily the panacea it is made out to be, he warned: "In many cases, it's the old vendors abusing the term."
The phrase "intrusion prevention" remains problematic for some. "I hate the term. Isn't that what a firewall should do?" said analyst Pete Lindstrom of Spire Security. Where IDS systems use pattern matching on payloads to identify an attack, intrusion prevention systems should operate more intelligently, he said.
On the show floor, delegates were if anything more cynical. Several who declined to be named said they felt that intrusion prevention systems were simply an attempt to make a fresher-sounding buzzword.
Despite the supposed death of IDS, interest in the concept remains strong, however. Jack Phillips, managing partner of the Institute for Applied Network Security, reported that at seminars he organizes, IDS and related issues of prevention remains a very strong topic of interest, along with the issue of managing enterprise security.
For IT managers, concerns are even more practical. "If they buy a best-of-breed device, such as an IDS system, they are skeptical about being 'inherited' by a suite vendor that merges with their vendor of choice," said Phillips.
