Disaster-Resource.com

Does Intrusion Detection Work?

The much-hyped intrusion detection systems (IDS) that have been on the market for the past few years are supposed to protect enterprise networks and IT infrastructure from unauthorized access. But are they as reliable as many believe they are? Leon Erlanger, the author of a story published last week by E-Commerce Times entitled "Intrusion Detection Needs a Dose of Prevention," writes that the technology isn't always as effective as some vendors claim. In fact, a lot of IT security experts caution organizations against placing too much trust in IDS.

"The management and performance drawbacks of IDS are so notorious that a Gartner information security report published in June 2003 declared the category a market failure," writes Erlanger. "Instead, Gartner recommended that organizations hold off investing in IDS and shift resources to vulnerability scanning, server hardening, and deep-packet inspection firewalls, which are more adept than standard firewalls at detecting and stopping application-level attacks."

According to the story, IDS, unless painstakingly calibrated when installed, tends to be too indiscriminate in assessing intrusions. The story quotes IT managers who spent inordinate amounts of time and energy sorting out IDS false alarms.

Sources in the story go on to recommend further alternatives to IDS.

"Another category to consider for specifically protecting Web servers and other DMZ applications is a Web application firewall," writes the author. "Host-based intrusion prevention software can also provide additional protection for public-facing applications and critical internal servers."

To read the full version of the story, visit: http://www.ecommercetimes.com/story/33812.html.