Security: The requirement of people and the goals of the bad guy.

"Experts: IDS is here to stay" is an article whose title is a little misleading. It is about IDS (Intrusion Detection Systems): why IDS is still of value given the number of IPS (Intrusion Prevention Systems) available, and why the author, Bill Brenner, feels IDS will be around for a long time. However, what interested me about the article was its view on customer requirements and the security landscape.

Bill Brenner comments on who he feels are the top four IDS/IPS security vendors and the fact that they all have excellent detection technology and are backed up by security teams. Many companies don’t like the latter. They want to sell a product that has minimal to no employee requirements. The device should be able to do everything automatically, without any people or with as few people as possible. Although this is a wonderful goal, with security and its intricacies as they exist today, this is very far from the truth. Systems and automation are good, but smart people are still required. Bruce Schneier and other security professionals have echoed this again and again: “Humans will beat computers at hinkiness-detection for many decades to come”. If you create a method of detection, the bad guys will figure out a way around the method. People are still your best bet.

Bill Brenner comments on customers of security products wanting more automation: the ability to pull data from dispersed systems, and to analyze and assemble this data into a big-picture scenario more quickly. This is the message we have been receiving from our customers over the last year and is exactly what my company is constantly working toward. It is the key to having a reasonable chance of detecting and stopping the bad guys on the Internet. Security has changed over the last decade, from worms and viruses, where the author’s goal was ‘fame’, to BotNets and spyware. The goal now is stealth, not ‘fame’. Add to this the money that can be made by selling BotNet and spyware services. Current methods in the industry do not hold up against these threats. My investigations for customers as of late have clearly shown this, and most security professionals will echo this sentiment.