Intruder Alert: Looking at the numbers

		1. Which of the following would you most like improved in your intrusion detection (IDS) or intrusion prevention system (IPS)? (Select up to three.)*
		35.60%	Better detection and prevention of insider threats, such as employees abusing policy and downloading proprietary information onto flash drives
		32.70%	Better spyware prevention, fewer false positives and the ability to separate serious attacks from network noise
		30.40%	Detect unknown/zero-day attacks
		25.80%	Decrease/prevent viruses and worms
		25.20%	Correlate threats to vulnerabilities
		* - Top five most-popular results listed
		2. Rate your satisfaction with each of the following intrusion defense products deployed in your organization:
		Network firewalls:
		71.57%	Very satisfied
		23.20%	Somewhat satisfied
		2.61%	Not satisfied
		2.61%	Haven't deployed it
		Antivirus/desktop:
		64.38%	Very satisfied
		31.05%	Somewhat satisfied
		3.27%	Not satisfied
		1.31%	Haven't deployed it
		Antivirus/server:
		60.13%	Very satisfied
		30.72%	Somewhat satisfied
		3.92%	Not satisfied
		5.23%	Haven't deployed it
		Antivirus/gateway:
		51.96%	Very satisfied
		29.08%	Somewhat satisfied
		3.92%	Not satisfied
		15.03%	Haven't deployed it
		Host/application firewalls:
		33.99%	Very satisfied
		34.97%	Somewhat satisfied
		3.92%	Not satisfied
		27.12%	Haven't deployed it
		Antispyware/desktop:
		26.80%	Very satisfied
		38.89%	Somewhat satisfied
		14.38%	Not satisfied
		19.93%	Haven't deployed it
		Network-based IDS:
		26.80%	Very satisfied
		40.85%	Somewhat satisfied
		8.82%	Not satisfied
		23.53%	Haven't deployed it
		Routers/switches with content/application filtering built in:
		27.78%	Very satisfied
		32.03%	Somewhat satisfied
		4.25%	Not satisfied
		35.95%	Haven't deployed it
		Antispyware/gateway:
		22.55%	Very satisfied
		27.45%	Somewhat satisfied
		11.44%	Not satisfied
		38.56%	Haven't deployed it
		Antispyware/server:
		22.22%	Very satisfied
		29.08%	Somewhat satisfied
		11.44%	Not satisfied
		37.25%	Haven't deployed it
		Network-based IPS:
		22.22%	Very satisfied
		30.72%	Somewhat satisfied
		6.54%	Not satisfied
		40.52%	Haven't deployed it
		Network anomaly detection systems:
		19.61%	Very satisfied
		26.80%	Somewhat satisfied
		5.56%	Not satisfied
		48.04%	Haven't deployed it
		Host-based IDS:
		17.97%	Very satisfied
		33.33%	Somewhat satisfied
		9.15%	Not satisfied
		39.54%	Haven't deployed it
		Host-based IPS:
		16.99%	Very satisfied
		26.80%	Somewhat satisfied
		6.86%	Not satisfied
		49.35%	Haven't deployed it
		Security event/info management (SEIM/SIM):
		12.42%	Very satisfied
		31.37%	Somewhat satisfied
		11.44%	Not satisfied
		44.77%	Haven't deployed it
		Unified threat management appliance:
		11.11%	Very satisfied
		27.78%	Somewhat satisfied
		8.50%	Not satisfied
		52.61%	Haven't deployed it
		3. Will you be spending more, the same or less money on the following intrusion defense products this year?
		Network-based IPS
		26.14%	Spending more
		30.07%	Spending the same
		3.59%	Spending less
		14.71%	Are not spending
		Security event/info management (SEIM/SIM):
		23.86%	Spending more
		24.84%	Spending the same
		4.58%	Spending less
		19.28%	Are not spending
		Network-based IDS:
		22.95%	Spending more
		39.34%	Spending the same
		6.56%	Spending less
		11.80%	Are not spending
		Network firewalls:
		20.59%	Spending more
		49.35%	Spending the same
		7.84%	Spending less
		7.84%	Are not spending
		Routers/switches with built-in content/application filtering:
		20.26%	Spending more
		34.97%	Spending the same
		4.58%	Spending less
		17.32%	Are not spending
		Host-based IPS:
		18.03%	Spending more
		26.89%	Spending the same
		4.26%	Spending less
		24.26%	Are not spending
		Antispyware/desktop:
		17.65%	Spending more
		44.77%	Spending the same
		6.54%	Spending less
		12.75%	Are not spending
		Unified threat management appliance:
		16.99%	Spending more
		23.20%	Spending the same
		2.94%	Spending less
		24.18%	Are not spending
		Network anomaly detection systems
		16.07%	Spending more
		30.49%	Spending the same
		3.61%	Spending less
		17.38%	Are not spending
		Antispyware/gateway:
		16.01%	Spending more
		38.56%	Spending the same
		4.25%	Spending less
		16.67%	Are not spending
		Antispyware/server:
		15.69%	Spending more
		38.89%	Spending the same
		4.25%	Spending less
		16.67%	Are not spending
		Host-based IDS:
		15.69%	Spending more
		30.07%	Spending the same
		6.21%	Spending less
		22.88%	Are not spending
		Host/application firewalls:
		13.73%	Spending more
		38.24%	Spending the same
		5.88%	Spending less
		19.61%	Are not spending
		Antivirus/server:
		10.78%	Spending more
		63.07%	Spending the same
		5.23%	Spending less
		10.13%	Are not spending
		Antivirus/desktop:
		10.78%	Spending more
		66.34%	Spending the same
		3.92%	Spending less
		9.15%	Are not spending
		Antivirus/gateway:
		9.48%	Spending more
		55.23%	Spending the same
		4.90%	Spending less
		16.34%	Are not spending
		4. Choose true or false for the following statements*:
		In 2006 I'm trying to make intrusion detection/prevention a more strategic part of security management.
		75.82%	True
		9.48%	False
		Freeware IDSes (e.g., Snort) are just as effective as commercial IDSes.
		35.62%	True
		28.10%	False
		Freeware IDSes (e.g., Snort) have the same level of features and functions as commercial IDSes.
		24.51%	True
		41.50%	False
		My company will buy a new IDS/IPS in 2006.
		19.93%	True
		34.97%	False
		My company will upgrade (from the same vendor) an existing IDS/IPS in 2006.
		24.18%	True
		38.56%	False
		My company will renew an existing IDS/IPS license at an existing level in 2006.
		35.29%	True
		30.39%	False
		My company will replace my existing IDS/IPS with a new system from a different vendor in 2006.
		10.46%	True
		50.33%	False
		My company will not renew an existing license, and we have no plans to replace it.
		11.76%	True
		58.50%	False
		My company has not purchased IDS/IPS in the past and won't do so in 2006.
		11.44%	True
		65.03%	False
		Intrusion detection/prevention is best done at the network level.
		51.31%	True
		24.84%	False
		IDSes/IPSes will be obsolete in five years as the function becomes embedded in the network/applications.
		24.26%	True
		37.70%	False
		I consider Security Information/Event Management (SIM/SEIM) an important part of my company's total approach to intrusion defense.
		72.55%	True
		8.50%	False
		I consider vulnerability management an important part of my company's total approach to intrusion defense.
		85.62%	True
		3.59%	False
		* - In cases where respondents declined to answer, totals do not equal 100%.
		5. Which of the following reasons would prompt you to drop your current IDS/IPS vendor and buy from a different one? (Select up to three.)*
		45.40%	A different vendor's product is better at detecting/preventing attacks.
		35.60%	A different vendor's product is easier to install/administer/manage.
		33.00%	A different vendor's product offers a wider array of security functions and features.
		32.70%	A different vendor's product integrates into our infrastructure better than the current one.
		25.20%	A different vendor's system is cheaper and offers the same level of security.
		* - Top five most-popular results listed
		6. Which of the following vendors' intrusion detection/prevention products do you use? (Check all that apply.)*
		42.50%	Cisco
		34.00%	Symantec
		30.10%	Snort/other freeware
		25.50%	McAfee
		25.50%	Microsoft
		19.90%	CheckPoint/Sourcefire
		* - Top five most-popular results listed
		7. Who is your primary intrusion detection/prevention (IDS/IPS) vendor?
		20.30%	Cisco
		14.70%	Symantec
		12.10%	Snort/other freeware
		10.50%	None
		7.80%	Other
		8. What was the main reason you chose the vendor selected above?
		20.90%	Fit into infrastructure
		19.00%	Superior security functionality
		16.30%	Product was already installed
		14.10%	Cost
		12.70%	Other
		9. Rate the following non-technical obstacles based on the impact they have on your company's ability to defend against intruders:
		Budget constraints:
		28.34%	It's a significant problem
		42.35%	It's a problem
		21.50%	It's not a problem
		Lack of upper management support:
		19.22%	It's a significant problem
		30.94%	It's a problem
		37.13%	It's not a problem
		Employee training:
		18.24%	It's a significant problem
		37.46%	It's a problem
		33.88%	It's not a problem
		Incomplete product sets/technology:
		12.70%	It's a significant problem
		43.97%	It's a problem
		25.73%	It's not a problem
		Lack of vendor support:
		12.05%	It's a significant problem
		29.32%	It's a problem
		41.37%	It's not a problem
		Vendor confusion/ambiguity:
		9.77%	It's a significant problem
		29.32%	It's a problem
		41.37%	It's not a problem
		10. Rate the following technical obstacles based on the impact they have on your company's ability to defend against intruders:
		Managing logs:
		21.50%	It's a significant problem
		38.11%	It's a problem
		28.66%	It's not a problem
		Separating legitimate traffic from malicious traffic without false positives/negatives:
		17.26%	It's a significant problem
		52.77%	It's a problem
		17.26%	It's not a problem
		Tuning intrusion detection/prevention systems for your environment:
		16.94%	It's a significant problem
		39.41%	It's a problem
		28.34%	It's not a problem
		Turning on application-layer scanning without hurting traffic throughput:
		16.94%	It's a significant problem
		39.09%	It's a problem
		21.82%	It's not a problem
		Integrating multiple vendors' intrusion defense products:
		14.33%	It's a significant problem
		36.81%	It's a problem
		30.62%	It's not a problem
		Creating useful reports for management/business intelligence:
		13.68%	It's a significant problem
		42.35%	It's a problem
		28.34%	It's not a problem
		Defining spyware/adware:
		11.76%	It's a significant problem
		44.77%	It's a problem
		31.05%	It's not a problem
		Prioritizing threat response:
		10.46%	It's a significant problem
		44.77%	It's a problem
		30.72%	It's not a problem
		Using system outputs to see the big picture of total network security posture:
		10.42%	It's a significant problem
		40.07%	It's a problem
		28.66%	It's not a problem
		Setting a baseline for "normal" network behavior:
		9.12%	It's a significant problem
		47.56%	It's a problem
		28.34%	It's not a problem
		The reactive nature of signature-based AV, antispyware and IDS:
		7.49%	It's a significant problem
		45.28%	It's a problem
		34.85%	It's not a problem
		Pushing signature updates to the desktop:
		2.28%	It's a significant problem
		21.50%	It's a problem
		65.47%	It's not a problem

Tags: Monitoring Network Traffic and Network Forensics,  Network Intrusion Detection (IDS),  Network Intrusion Prevention (IPS),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Monitoring Network Traffic and Network Forensics Preventing SQL injection attacks: A network admin's perspective Breach prevention: How to keep track of data and applications Researchers find thousands of flawed embedded devices Network traffic collection, analysis helps prevent data breaches Lifecycle of a network security vulnerability Port scan attack prevention best practices How to prevent network sniffing and eavesdropping DoD urges less network anonymity, more PKI use Chained Exploits: How to prevent phishing attacks from corporate spies PCI compliance requirement 10: Auditing Network Intrusion Detection (IDS) Preventing SQL injection attacks: A network admin's perspective Lifecycle of a network security vulnerability Best Intrusion Prevention and Detection Products Rogue AP containment methods SIMs tools and tactics for business intelligence IPS and IDS deployment strategies Know when you need IDS, IPS or both Trend Micro to acquire Third Brigade for virtualization, cloud security New product aims to control rogue applications that avoid firewalls How to perform a network forensic analysis and investigation Network Intrusion Detection (IDS) Research Network Intrusion Prevention (IPS) Aligning network security with business priorities Best Intrusion Prevention and Detection Products Port scan attack prevention best practices Lesson 4: How to use wireless IPS Lesson 1 quiz: Risky business Hacker attack techniques and tactics: Understanding hacking strategies SIMs tools and tactics for business intelligence IPS and IDS deployment strategies I'll be watching you: Wireless IPS Know when you need IDS, IPS or both Network Intrusion Prevention (IPS) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bridge  (SearchSecurity.com) computer forensics  (SearchSecurity.com) Einstein  (SearchSecurity.com) footprinting  (SearchSecurity.com) information signature  (SearchSecurity.com) inverse mapping  (SearchSecurity.com) network behavior analysis  (SearchSecurity.com) network forensics  (SearchSecurity.com) promiscuous mode  (SearchSecurity.com) snoop server  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary