Re: IDS thoughts

From: Andrew Plato (
Date: 05/20/03

    Date: Mon, 19 May 2003 18:16:53 -0700
    To: <>

    >There's really not a whole lot else to be done in the IDS market except
    >product improvements (code refinement, etc), signature maintenance, and
    >keeping up with data rates. Oh, and press releases.
    >So for the IDS consumer, which the majority of us on this list are, all
    >really matters is what has always mattered. Feature sets, GUI's, unit
    >usability/manageability, forensics, maintainability, a product's
    >ability to
    >with third-party tools, low false-positive and false-negative rates,
    >Little of what the vendor reps had to say about PSD had anything
    >to do with that. If you go back and look at the posts by any vendor
    >rep over the last year or two, it'll be the rare one that addresses
    >a customer's standard issue set.
    >So when you vendor guys start talking objectively about things
    >IDS consumers like me really care about, I'll listen. I won't
    >be holding my breath waiting. In the meantime, save your
    >thinly veiled digs at each other for your marketeers.

    I disagree. If you really get under the covers of many of the popular
    IDSs on the market, you quickly realize they are not all the same.
    Sure, all of them might SAY they detect a PSD, but that doesn't mean
    they will do it correctly or consistently. I won't point fingers or play
    favorites, but some IDSs are mostly fluff and BS. They sell because they
    have a big name attached to them and pushy sales people.

    I think the IDS space has a long way to go and there is a lot to do in
    the market. For example, we're just now seeing the acceptance of IPS
    technologies. And IDSs are getting better and more capable at filtering
    through the garbage and finding the gems (or turds, depending on how you
    look at it.) There's innovation there. However, I would agree that some
    basic stuff, like GUIs and my personal pet peeve - documentation - are
    still very much in the crappy column.

    I think one problem is that a lot of vendors suffer from poorly
    conceived sales strategies. The people who formulate sales strategies
    are dorks in suits sitting in big offices, with little customer contact.
    They have never once in their life had to actually install or manage an
    IDS, so they aren't aware of what really affects customers. These guys
    dream up strategies based on what they read on billboards and the back
    of milk cartons. They then push those strategies on sales people and
    channel managers who must religiously bark the company dogma to every
    person they meet. The result is a pitch that's more about propaganda
    than honest capability.

    If you want to really know about an IDS, talk to the people who install
    and manage them and not to sales people and vendor reps. Naturally, I
    encourage people to work with smaller, consulting-oriented resellers
    (like me!) who can offer honest advice on a number of different
    products. A good reseller skips over the sales pitch and talks about the
    realities of installing and using an IDS. As such, you will get insight
    into those issues you mentioned.

    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation

    Enterprise Security &
    Infrastructure Solutions
    503-644-5656 Office
    503-644-8574 Fax
    503-201-0821 Mobile

