PRO+ Premium Content/Information Security magazine

March 2002

How to limit IDS false positives, gain measurable security

Like most security-conscious IT professionals, you've probably looked into using an intrusion detection system (IDS). Maybe you actually deployed an IDS and experienced what most first-time users get: a boatload of false positives. Now, like many others let down by their excursion into intrusion detection land, you're disappointed and ready to toss it out the window.

OK, so you can't get what you want: a never-sleeping, all-knowing guard for your systems and networks. You can't get a monitor that tells you of a suspected intruder's intent, or one that takes into account all possible attack scenarios, especially those nobody's thought of yet. Lots of people blame the vendors for this, but maybe all it means is that we've come to expect too much from today's IDSes. Maybe all that's needed is some adjusted expectations and a bit more planning.

To illustrate this point, here's an analogy from the physical security world. Building managers use motion detectors to prevent unauthorized entry. These detectors work great when the ...
