A research report saying that intrusion detection systems are outdated and useless has angered some vendors who say that argument deliberately ignores several key facts and discounts IDS potential.
The anger stems from a press release that research firm Gartner Inc. sent out Wednesday. The release touts a recent report that concludes that IDS systems are a complete failure and recommends that enterprise IT managers take whatever money they have allocated for the technology and redirect it toward firewalls.
"Intrusion detection systems are a market failure and vendors are now hyping intrusion prevention systems, which have also stalled in the marketplace," said Richard Stiennon, research vice president at Gartner, based in Stamford, Conn. "Functionality is moving into firewalls, which will perform deep packet inspection for content and malicious traffic blocking, as well as antivirus activities."
That assessment is part of Gartners Information Security Hype Cycle, which assigns positions in the cycle to a variety of technologies. IDS is among several technologies listed as "sliding into the trough."
Gartners conclusions have many IDS vendors up in arms. "Theyre advocating the removal of a layer of defense in-depth. Theyre saying IDS cant get better. Theyre wrong on two counts," said Martin Roesch, founder and CTO of Sourcefire Inc., based in Columbia, Md., which sells an IDS system based on the open-source Snort technology that Roesch invented. "Thats just ridiculous. Theyre basically saying that the high-level audit function is useless and high-level inspection is the only thing you need."