Intrusion detection remains one of today's hottest areas, but while IDS technology is sexy and evolving rapidly, we believe it offers only a limited ROI, and only if it's deployed in a sane manner. Many IDS efforts fail because the overhead required to operate and monitor large-scale deployments is underestimated. Compounding the problem is that many organizations go right from testing to deployment, bypassing the pilot phase. The result is incomplete deployments and unmonitored event logs or sensors that fall horribly behind on signature updates. In addition, most NIDS products are reactive, making them less effective protection mechanisms.
While technology designed to complement IDS, such as Lancope's StealthWatch, is taking steps away from traditional signature-based solutions, most NIDS products are still plagued by false alerts and can overwhelm administrators. Put simply, large IDS deployments can present a significant and costly burden to their operators, serving as glorified burglar alarms. Unless the NIDS industry takes some gigantic steps forward in the near term, we caution against embarking on a large-scale NIDS deployment without a strategy for handling the associated overhead.
Many organizations are turning to event correlation to lessen some of the analysis load. We think this is a smart move: Not only do aggregation and correlation solutions solve the "Where should I send and store my logs?" problem, they can reduce the time it takes to analyze and act on security events. For example, if you were a security analyst, would you rather be presented with thousands of IDS alerts from an array of sensors, or a limited number of events based on IDS alerts cross-referenced with firewall entries, referenced against host/asset databases, followed by the confirmation that the attack types match existing vulnerabilities?
If you're like most, you'd rather be told about the 20 items that you should pay attention to, not the 10,000 items that may or may not be of concern. While the correlation market is even younger than the IDS one, it promises to bring relevancy to a sea of otherwise misleading data points. Unfortunately, these correlation solutions are hefty investments and often require resource-intensive deployment efforts.
REPORTS
Analyize In-Line NAC strategies and products.
ANALYTICS Plan and design your enterprise blade server deployments
2009 IT Salary Survey: Meager Raises, Solid Prospects
Though raises are notably smaller than a year ago, and job security’s shrinking, IT careers are looking safer than many others in this economic downturn. Get all the findings in InformationWeek's 2009 IT Salary Survey. Available FREE for a limited time.
REPORTS
ANALYTICS
Follow 
