Security
FEATURE
To Catch a Thief

  August 20, 2001
  By Patrick Mueller and Greg Shipley


One word comes to mind when summing up our six months in the trenches testing the top intrusion-detection systems: schooled. Network Computing has covered the IDS industry since 1998 and has published many articles on the state of the scene, polishing and perfecting our methodologies and evaluation criteria along the way. But when we decided to take our show on the road, partner with DePaul University in Chicago and deploy 10 commercial IDSes to guard 10,000-plus live hosts, we found ourselves back in kindergarten. Unprepared is an understatement. Six months later, we're alive, but barely.



The intrusion-detection market is hot right now, with many large enterprise environments piloting IDS programs. It's so hot, in fact, that IDC says the industry is enjoying a 50 percent growth rate, and managed security service providers are coming out of the woodwork. Meanwhile, even as buyouts and fallouts shape the playing field, our reader surveys put interest in IDS above other security technologies, and spending is on the rise as well (see poll results). To add to the upheaval, after companies overcome their IDS deployment headaches, they are hit by the wave of maintenance nausea that soon follows. Obviously, the case for outsourcing some of this IDS pain is getting more and more compelling (see "The Great IDS Outsourcing Debate").


With all this industry buzz, growth and money, you might think that IDS products are ready for prime time. In reality, the technology can be useful, but it's still far from mature. There are problems with signature-release timeliness. Few products can manage large amounts of data, and those that can have a tendency to overwhelm their operators. Cisco Systems and Enterasys Networks are the only providers building extremely scalable solutions. Vendors have begun addressing aggregation issues, but few have products that are useful in correlating data for high-level decision-making. (Will the situation improve anytime soon? See "The Future of IDS").

You will, however, benefit from a successful deployment. IDSes can offer a granular level of detail not achieved by basic perimeter devices and can let you keep a tighter watch on critical machines. IDSes can serve as early warning systems on impending attacks and even reduce the response times to successful attacks. They can also generate enough attack-trending data to torque the head of even the most smug CIO. Much of the activity on the Internet is truly terrifying, and today's IDSes can give you a pathway to tangible reports.

Smart IT managers in large enterprises will use NIDSes (network IDSes) to help them identify trends, basic attacks, weak systems on their networks and rogue users. Today's NIDS products generally won't stop intruders, but they can certainly help catch novice hackers and identify enterprise hot spots.

Our objective was to go beyond basic testing by using these systems to monitor and protect an enterprise-class environment. It seemed like a simple goal: Monitor the network, spot attackers and intruders, and try to stop or contain them. Unfortunately, simple was never part of the equation. We ran our IDSnet like a production network, and we have the scars to prove it. Sensors blew up. Consoles crashed. Databases got corrupted. Connectivity problems and synchronization issues hounded us. Hardware failed. Periods of information chaos and waves of rebooting hell ensued.



Figure: Bruisernet Setup

In the end, after we got to know the products intimately, it became obvious that intrusion detection is not a fire-and-forget technology. These systems require manpower to deploy, manpower to monitor and manpower to maintain. Managers take note: If you're budgeting for an IDS deployment, don't forget the human-resources aspect -- the right people are needed if the effort is to be successful (see "How We Tested Intrusion-Detection Systems"). In addition, organizations should understand how their IDS deployments are going to affect other aspects of IT. Is there a plan to integrate security operations with network operations? What happens when you spot something that appears to be a successful attack? Are there competent people to investigate security issues once they are identified?

There are even some non-IT issues that should be addressed, such as potential violations of privacy laws or possible breaches of HR policies. While deploying a NIDS device may seem cut and dried from a policy perspective, enabling signatures that log day-trading or job-searching activities may be more invasive than your organization is willing to tolerate. It might be wise to have a brief chat with the legal team before setting sail into dangerous waters (for more on privacy laws, see "Monitoring and Privacy: Is Your Head Still in the Sand?").

A Long, Strange Trip

During our six months of testing we attempted to address some of these process issues. The route we chose was to serve as an extension of DePaul's network team. By using the products to identify critical attacks, we were able to pass incident information to the network team, which in turn contacted systems administration teams for further investigation. While this strategy worked for us, it might not work for your organization. These are process issues that have very little to do with the actual technology but will certainly affect anyone looking to deploy an IDS solution. For these and many other reasons, we strongly recommend that large organizations launch an IDS pilot program before an enterprisewide deployment. Not only will a pilot program help flush out the technical issues, it will aid in discovering process flaws as well.

Can IDSes help protect your critical assets? Absolutely -- but make sure you know their limitations and how they will affect your organization. Intrusion-detection products are becoming better alarms, but they can't replace strong locks, hardened hosts, access control devices, defined procedures and enforced policies.

