Products of the Year: Intrusion-detection systems

Information Security magazine

GOLD MEDAL: Dragon Intrusion Defense System
Enterasys Networks, www.enterasys.com
Rating: 79

Regardless of where you come down in the "IDS is dead" debate, you have to admit that intrusion detection's role in enterprise security has changed. While perimeter firewall and IPS vendors continue to chip away at the IDS market, IDSes are enjoying a rebirth of sorts as post-hack forensics and real-time threat management tools.

Enterasys' Dragon, our gold winner for IDS, epitomizes the transition of IDSes from "reactive detection" to "proactive correlation." Rather than firing off thousands of alerts based on single-node scanning, Dragon uses multiple virtual sensors to correlate event data from across the network and compare it to collected data on the network's vulnerability posture. The process, managed through Enterasys' Dynamic Intrusion Response (DIR) system, results in more accurate and timely intrusion management, as well as fewer false positives.

IPS vendors have long touted the benefits of stopping, not just detecting, malicious traffic. But many enterprises are reluctant to implement full-scale inline IPS for fear of blocking legitimate traffic. Some users suggest that Dragon's passive scanning combined with DIR attack correlation is a more sensible approach.

"We don't want anything inline but firewalls, routers and load balancers," says a government IT security manager. "So far, the Enterasys IDS has worked best for us."

Requires Free Membership to View

Not to be overshadowed in the IDS vs. IPS discussion is the importance of customer support. By virtue of being first, IDS vendors have had more experience fine-tuning their support and service to well-identified customer needs. Enterasys has transformed Dragon from a stand-alone IDS to the cornerstone of its network security architecture strategy.

"Enterasys is an innovative company that understands security and how to protect you," says the CISO of another government agency. "It is willing to work with diverse organizational needs."

Cisco Systems, www.cisco.com
Rating: 77

USER COMMENTS: "Cisco does a good job of understanding where our threats are coming from and changing its products to address them."

"Technology-wise, it leads most of the network vendors."

BRONZE MEDAL: RealSecure Network
Internet Security Systems, www.iss.net
Rating: 71

USER COMMENTS: "ISS has a proven IDS infrastructure."

"It's the leader in the IDS market."


This was first published in January 2005

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.