IDS mailing list archives

Recent anti-NIDS Gartner article


From: "Srinivasa Rao Addepalli" <srao () intotoinc com>
Date: Tue, 17 Jun 2003 20:32:31 -0700

One of the primary goals of IDSes (inline or otherwise) is to detect
the intention of intrusions. Yes, it is true that firewalls with
application intelligence protect the servers and infrastructure, and
they are needed as part of a comprehensive security solution.

I understand from the report that more resources in the IS department
are required to analyze the attacks. It is also true that today IDSes
generate too many logs, which turn out to be either false positives
or logs that are not applicable for that environment. Unless these
problems are fixed, IDSes will meet their demise over time.

IDS technology has greatly improved in recent times, with more and
more IDS products coming out with application intelligence. These
reduce the false positives. But the other problem that needs to be
fixed is specific to the deployment environment. IDSes should be
flexible enough to be tunable by the users, such as deletion of unwanted
signature rules, modification of signature rules, setting up typical
characteristics of traffic, etc. This might sound like a need for IT
resources, but the effort it takes to analyze unwanted logs is
significantly higher.


Thank you for your time.
Srini



Intoto Inc. 
Enabling Security Infrastructure
3160, De La Cruz Blvd #100
Santa Clara, CA 95054
www.intotoinc.com
