
Products of the Year: Intrusion-detection systems

Information Security magazine unveils its 2004 IDS of the year.

GOLD MEDAL: Dragon Intrusion Defense System
Enterasys Networks
Rating: 79

Regardless of where you come down in the "IDS is dead" debate, you have to admit that intrusion detection's role in enterprise security has changed. While perimeter firewall and IPS vendors continue to chip away at the IDS market, IDSes are enjoying a rebirth of sorts as post-hack forensics and real-time threat management tools.

Enterasys' Dragon, our gold winner for IDS, epitomizes the transition of IDSes from "reactive detection" to "proactive correlation." Rather than firing off thousands of alerts based on single-node scanning, Dragon uses multiple virtual sensors to correlate event data from across the network and compare it to collected data on the network's vulnerability posture. The process, managed through Enterasys' Dynamic Intrusion Response (DIR) system, results in more accurate and timely intrusion management, as well as fewer false positives.

IPS vendors have long touted the benefits of stopping, not just detecting, malicious traffic. But many enterprises are reluctant to implement full-scale inline IPS for fear of blocking legitimate traffic. Some users suggest that Dragon's passive scanning combined with DIR attack correlation is a more sensible approach.

"We don't want anything inline but firewalls, routers and load balancers," says a government IT security manager. "So far, the Enterasys IDS has worked best for us."

Not to be overshadowed in the IDS vs. IPS discussion is the importance of customer support. By virtue of being first, IDS vendors have had more experience fine-tuning their support and service to well-identified customer needs. Enterasys has transformed Dragon from a stand-alone IDS to the cornerstone of its network security architecture strategy.

"Enterasys is an innovative company that understands security and how to protect you," says the CISO of another government agency. "It is willing to work with diverse organizational needs."

Cisco Systems
Rating: 77

USER COMMENTS: "Cisco does a good job of understanding where our threats are coming from and changing its products to address them."

"Technology-wise, it leads most of the network vendors."

BRONZE MEDAL: RealSecure Network
Internet Security Systems
Rating: 71

USER COMMENTS: "ISS has a proven IDS infrastructure."

"It's the leader in the IDS market."


This was last published in January 2005
