PRO+ Premium Content/Information Security magazine

May 2002

Next-generation IDS brings less false positives, more intelligence

The shine is definitely off intrusion detection systems, and IDS vendors know it. Funny how IDSes used to be the coolest thing going -- until people actually started using them. The biggest complaint, always, is false positives. I constantly hear horror stories about IDSes spitting out reams of alert data that nobody has time to sift through. One East Coast Fortune 500 financial institution gets more than 500,000 alerts per month. Tuning the system to your network's peculiarities helps, but when Chicken Little keeps telling you the sky is falling, it isn't long before you stop looking up. To be more effective, IDSes -- particularly network-based solutions -- will need to be more intelligent. Intelligence from a technical standpoint means less reliance on signature-based scanning and more reliance on protocol analysis and anomaly detection. It also means better mapping to the network's servers and applications, and the ability to know whether Server A is vulnerable to Attack B. The latest buzzword used by IDS vendors is "...
