GOLD MEDAL: Dragon Intrusion Defense System
Enterasys Networks, www.enterasys.com
Regardless of where you come down in the "IDS is dead" debate, you have to admit that intrusion detection's role in enterprise security has changed. While perimeter firewall and IPS vendors continue to chip away at the IDS market, IDSes are enjoying a rebirth of sorts as post-hack forensics and real-time threat management tools.
Enterasys' Dragon, our gold winner for IDS, epitomizes the transition of IDSes from "reactive detection" to "proactive correlation." Rather than firing off thousands of alerts based on single-node scanning, Dragon uses multiple virtual sensors to correlate event data from across the network and compare it to collected data on the network's vulnerability posture. The process, managed through Enterasys' Dynamic Intrusion Response (DIR) system, results in more accurate and timely intrusion management, as well as fewer false positives.
IPS vendors have long touted the benefits of stopping, not just detecting, malicious traffic. But many enterprises are reluctant to implement full-scale inline IPS for fear of blocking legitimate traffic. Some users suggest that Dragon's passive scanning combined with DIR attack correlation is a more sensible approach.
"We don't want anything inline but firewalls, routers and load balancers," says a government IT security manager. "So far, the Enterasys IDS has worked best for us."
Not to be overshadowed in the IDS vs. IPS discussion is the importance of customer support. By virtue of being first, IDS vendors have had more experience fine-tuning their support and service to well-identified customer needs. Enterasys has transformed Dragon from a stand-alone IDS to the cornerstone of its network security architecture strategy.
"Enterasys is an innovative company that understands security and how to protect you," says the CISO of another government agency. "It is willing to work with diverse organizational needs."
SILVER MEDAL: Cisco IDS
Cisco Systems, www.cisco.com
USER COMMENTS: "Cisco does a good job of understanding where our threats are coming from and changing its products to address them."
"Technology-wise, it leads most of the network vendors."
BRONZE MEDAL: RealSecure Network
Internet Security Systems, www.iss.net
USER COMMENTS: "ISS has a proven IDS infrastructure."
"It's the leader in the IDS market."
This was first published in January 2005