Issue TOC Print full article Print this page Download as PDF E-Mail this URL Discuss this article Flame the author     In this article Introduction Vulnerability Management Firewalls Get Hotter Control Issues Event Correlation HIP Hosts Technology Areas How We Got Here

Intrusion detection remains one of today's hottest areas, but while IDS technology is sexy and evolving rapidly, we believe it offers only a limited ROI, and only if it's deployed in a sane manner. Many IDS efforts fail because the overhead required to operate and monitor large-scale deployments is underestimated. Compounding the problem is that many organizations go right from testing to deployment, bypassing the pilot phase. The result is incomplete deployments and unmonitored event logs or sensors that fall horribly behind on signature updates. In addition, most NIDS products are reactive, making them less effective protection mechanisms.

While technology designed to complement IDS, such as Lancope's StealthWatch, is taking steps away from traditional signature-based solutions, most NIDS products are still plagued by false alerts and can overwhelm administrators. Put simply, large IDS deployments can present a significant and costly burden to their operators, serving as glorified burglar alarms. Unless the NIDS industry takes some gigantic steps forward in the near term, we caution against embarking on a large-scale NIDS deployment without a strategy for handling the associated overhead.