
Re: IDS thoughts

From: Andrew Plato <aplato(at)anitian.com>
Date: Mon May 19 2003 - 21:16:53 EDT


>There's really not a whole lot else to be done in the IDS market except that
>really matters is what has always mattered. Feature sets, GUI's, unit cost,
>usability/manageability, forensics, maintainability, a product's ability to
>integrate etc.
>
>Little of what the vendor reps had to say about PSD had anything

I disagree. If you really get under the covers of many of the popular IDSs on the market, you quickly realize they are not all the same. Sure, all of them might SAY they detect a PSD, but that doesn't mean they will do it correctly or consistently. I won't point fingers or play favorites, but some IDSs are mostly fluff and BS. They sell because they have a big name attached to them and pushy sales people.

I think the IDS space has a long way to go and there is a lot to do in the market. For example, we're just now seeing the acceptance of IPS technologies. And IDSs are getting better and more capable at filtering through the garbage and finding the gems (or turds, depending on how you look at it.) There's innovation there. However, I would agree that some basic stuff, like GUIs and my personal pet peeve - documentation - are still very much in the crappy column.

I think one problem is that a lot of vendors suffer from poorly conceived sales strategies. The people who formulate sales strategies are dorks in suits sitting in big offices, with little customer contact. They have never once in their life had to actually install or manage an IDS, so they aren't aware of what really affects customers. These guys dream up strategies based on what they read on billboards and the back of milk cartons. They then push those strategies on sales people and channel managers who must religiously bark the company dogma to every person they meet. The result is a pitch that's more about propaganda than honest capability.

If you want to really know about an IDS, talk to the people who install and manage them and not to sales people and vendor reps. Naturally, I encourage people to work with smaller, consulting-oriented resellers (like me!) who can offer honest advice on a number of different products. A good reseller skips over the sales pitch and talks about the realities of installing and using an IDS. As such, you will get insight into those issues you mentioned.



Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation

Enterprise Security &
Infrastructure Solutions  

503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile

www.anitian.com




Received on Tue May 20 12:50:41 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:12 EDT
