A research report saying that intrusion detection systems are outdated and useless has angered some vendors who say that argument deliberately ignores several key facts and discounts IDS potential.
The anger stems from a press release that research firm Gartner Inc. sent out Wednesday. The release touts a recent report that concludes that IDS systems are a complete failure and recommends that enterprise IT managers take whatever money they have allocated for the technology and redirect it toward firewalls.
“Intrusion detection systems are a market failure and vendors are now hyping intrusion prevention systems, which have also stalled in the marketplace,” said Richard Stiennon, research vice president at Gartner, based in Stamford, Conn. “Functionality is moving into firewalls, which will perform deep packet inspection for content and malicious traffic blocking, as well as antivirus activities.”
That assessment is part of Gartners Information Security Hype Cycle, which assigns positions in the cycle to a variety of technologies. IDS is among several technologies listed as “sliding into the trough.”
Gartners conclusions have many IDS vendors up in arms. “Theyre advocating the removal of a layer of defense in-depth. Theyre saying IDS cant get better. Theyre wrong on two counts,” said Martin Roesch, founder and CTO of Sourcefire Inc., based in Columbia, Md., which sells an IDS system based on the open-source Snort technology that Roesch invented. “Thats just ridiculous. Theyre basically saying that the high-level audit function is useless and high-level inspection is the only thing you need.”
Other vendors disagree with Stiennons statements about IDS, but say his thoughts on the convergence of security functions in a single device are accurate.
“The statement that IDS is dead and IPS is stillborn, thats all to create emotion. We disagree with the statement that theres no value in IDS,” said Tim McCormick, vice president of marketing at Internet Security Systems Inc. in Atlanta, which is in the process of rolling out a line of security appliances that combine IDS, firewall and other functions. “We built a $240 million business by inventing IDS. But the underlying message about convergence is right on. You need all the components. Its not whether IDS is better than a firewall. You need them all.”
The Gartner report asserts that IDS systems place too many demands on networks and IT staffs and require far too much care and feeding to be effective. Stiennon says that the new generation of firewalls that combine both network and application-level protection are what corporate networks really need.
Roesch dismisses this as hype. “I guess we had the intrusion prevention craze and that lasted for about three months and now we have intelligent firewalls,” he said. “Proxy firewalls are dead. Long live proxy firewalls.”