How do you feel, Mr. IDS?

I recently answered this question where the person wanted to get people's opinion on Gartner’s take on Intrusion Detection Systems (IDS).

Gartner says that intrusion detection systems are a costly and ineffective investment that does not add an additional layer of security as promised by vendors. The company recommends that enterprises redirect their security expenditures to firewall vendors that offer both network-level and application-level firewall capabilities in an integrated product … Intrusion detection systems are a market failure, and vendors are now hyping intrusion prevention systems, which have also stalled … Functionality is moving into firewalls, which will perform deep packet inspection for content and malicious traffic blocking, as well as anti-virus activities.

In my response I pointed out that if your ONLY security solution is a list of products from vendors, then of course they cannot live up to your expectations. Here was my response in full:

I guess it's time to repeat my mantra: "Security is not a product." You cannot buy security because you cannot be secure. All you can do is effectively assess and manage risk.

  1. What does an IDS provide if you don't understand the value and location of your business assets, both from the business's perspective and the criminal's perspective? Hint: Just because you don't see the value doesn't mean your competitor or the scam artist doesn't.
  2. What does an IDS provide if you don't know all the paths to those assets and the strength of the controls in place to protect them? The door is locked but the window is open syndrome.
  3. What does the IDS provide if no one knows what is normal and what isn't? I am still amazed when server owners want me to review their logs for "bad stuff." If the owner doesn't know what is normal, how do you expect me to?
  4. What does the IDS provide if no one is looking at it? The IDS is a tool. Tools are used by professionals. Why get one without the other?
  5. What does the IDS provide if it's in the wrong place? This comes back to understanding ALL the paths to your assets.
  6. What does the IDS provide if your security initiatives are a list of products? Unless dedicated professionals are there helping to identify, assess, and help manage your risks then all your IDS will tell you is how much money is walking out the door in lost opportunities.
