This article can also be found in the Premium Editorial Download "Information Security magazine: Best-of-breed: Security Products of the Year: 2006."
Download it now to read this article plus other related content.
Information Security & SearchSecurity.com Products of the year 2006
Intrusion Detection Signature- and anomaly-based host and network IDS products
Clearly, IDS has a home in the enterprise, despite doomsday predictions, as a weapon against an ever-evolving hacker landscape.
Intrusion prevention may be threat management's flight of fancy, but there's still clearly a place for standby intrusion detection in an enterprise environment.
The death knell apparently rang prematurely for intrusion detection systems, as many security managers understand its function and value, and are unwilling to abandon a technology that affords them network awareness and forensic capabilities.
It's here that CA's eTrust Intrusion Detection product scored well to earn a gold medal in intrusion detection.
Excellent scores in security capabilities, feature sets and overall quality put eTrust over the top. The product is a versatile weapon against an ever-evolving hacker landscape.
A southern U.S. university, for example, deployed eTrust Intrusion Detection, among other CA security products, in its environment to help secure a new online master's degree program for the Department of Homeland Security. The school was concerned about protecting the identities of its students who worked for DHS. eTrust Intrusion Detection alerted IT managers to potential attacks and helped the college run its program successfully and securely.
Security managers can either remotely or centrally manage eTrust Intrusion Detection. The product protects against known attacks by pinpointing traffic patterns that offend established policies and cutting off sessions that are clearly against policy.
It's natural that systems management giant CA's eTrust Intrusion Detection integrates easily with the company's flagship eTrust Security Command Center and eTrust Vulnerability Manager.
Another IDS sweet spot is forensics. eTrust Intrusion Detection logs data that can be analyzed from leading databases like SQL Server and Oracle. Logging features also can be tweaked to track user behavior on the network, as well as application performance. The product can also be used to monitor HTTP, SMTP, FTP and Telnet traffic, and offers URL blocking and access control features that deny user visits to prohibited sites.
Clearly, IDS has a home in the enterprise, despite doomsday predictions. The technology has lived beyond its death sentence, and its future will be determined by its ability to correlate and visualize the data it generates, keep false positives and negatives to a minimum, and stabilize bandwidth consumption.
Who goes there? This host-based IDS complements Symantec's network security products and is well-regarded by users for security, performance and overall quality.
Internet Security Systems
Standing the test of time with nearly a decade in the IDS market, RealSecure remains a strong component of ISS's security portfolio and continues to draw strong user ratings for overall quality.
This was first published in February 2006