STAMFORD, Conn. – IDS is RIP, or will be soon. That's the word from a leading research firm, which declares that intrusion-detection systems and their successors, intrusion-prevention systems, are hyped-up market failures that may soon prove to be a waste of time and money, and perhaps worse, if they fail to keep hackers out.

That well-publicized conclusion from Gartner Inc., however, has been met with skepticism and sharp disagreement from several of the major providers of IT security services to credit unions that Credit Union Times has contacted since the report began circulating this summer.

First, here's what Gartner had to say: "Intrusion-detection systems are a market failure, and vendors are now hyping intrusion-prevention systems, which have also stalled," says Richard Stiennon, Gartner's research vice president. "Functionality is moving into firewalls, which will perform deep packet inspection for content and malicious traffic blocking, as well as anti-virus activities."

According to the Gartner Information Security Hype Cycle research report, IDS problems include:

* False positives and negatives.
* An increased budget burden on IT shops because of 24/7 monitoring needs.
* A taxing incident-response process.
* An inability to monitor traffic at transmission rates greater than 600 megabits per second.

As for firewalls, Stiennon says they are the most effective defense against hackers and are becoming "increasingly better at blocking network-based attacks." He also says leading vendors who want to stay that way need to understand that. "To be considered as a challenger, visionary or leader, a vendor must have both network-level and application-level firewall capabilities as an integrated product. Vendors that have only one or the other will be niche players," the Gartner analyst says.
That's exactly the point, say a number of CU-space providers who say they don't rely simply on IDS technology and have already been doing the kind of integration the Gartner report recommends.

Don't Believe the Hype

"We read the Gartner report the day it came out and think they were going for the 'shock factor,'" says Cary Landry, senior vice president with CUNA Network Services in Tempe, Ariz. Landry, who helps direct network security for 175 credit union clients, also says that simply relying on firewalls isn't enough. His firm uses a combination of security methodologies. "What they don't explain is that we are still a long way from reduced monitoring ports through IDS," he says, noting that firewalls, for example, can be vulnerable simply because of the open ports they employ to let data pass through in the first place.

Integration will continue and is an obvious process of technology evolution, Landry says. "Anyone with half a brain could have told you that eventually all these security systems – firewall, IDS, IPS, virus protection, content filtering, e-mail filtering, etc. – will be built into one device," he says.

Greg Owen, a senior security engineer at Boston-based Vibren Technologies, agrees that intrusion-prevention technology needs to be joined with firewall deployment, and makes this analogy: "Go into any financial building in a metropolitan city. Are the doors locked? Not during the day. People need to get in. But there are guards there, and badge readers trying to validate everyone coming in. Guards aren't perfect and badges can be stolen easily, but we use them because they provide a reasonable benefit given the cost," he says.
Owen, whose firm provides network and IT services to a number of Fortune 100 companies and major banks and credit unions, notes that all three core IT-security technologies – intrusion detection/prevention, firewalls and anti-virus solutions – had problems in their early days and that all three "are valuable enough to have evolved in the marketplace and thrived." He also calls false positives and negatives "a cost, not a problem," especially compared with the alternative. Many security solutions can block legitimate traffic and take up time and resources sorting through results, "but when protecting valuable resources – financial transaction systems come to mind – the benefit can be enormous," Owen says.

Like the others, Mike Cote says his firm hasn't heard any concerns from his clients about the Gartner report, and the CEO of SecureWorks says "we're delighted that Gartner continues to show leadership by investigating this important issue." However, Cote, whose Atlanta firm provides IT security for approximately 200 credit unions around the country, adds this observation: "IDS systems are obsolete but not dead. When it comes to preventing system compromises, they are about as effective as cameras are in preventing robberies.

"Continuing the analogy, though, cameras shouldn't be shut off or uninstalled because they don't do everything. The fact is, they do provide some value."

He also noted that intrusion-prevention technologies are an outgrowth of intrusion-detection systems, a process that continues at his company and others as they work to find more sophisticated ways to block the growing sophistication of the attackers they're out to thwart.

Mark Bell, director of security operations at Digital Defense in San Antonio, also sees the process as ongoing. "While firewalls should always be your primary means of maintaining the security of your network, IDS/IPS can prove invaluable in detecting and preventing network attacks before they happen," he says.
"Though signature-based systems are prevalent today, new technology is moving toward a neural-network type approach where the systems actually learn the traffic pattern of the client network, detect any difference from normal activity and react against the source of that activity. If this difference is found to be legitimate activity, this data can be inserted into the IDS/IPS report so it will not alert on it again," says Bell, whose company protects about 100 client networks.

"As this technology evolves over the next several years," he adds, "we will see a dramatic decline in the number of false positives and false negatives, which has been an Achilles heel for IDS/IPS."

Cote, at SecureWorks, concludes: "Let's be clear. Security is a process, not a product. While a specific product serves its own useful purpose, it is the combination of products and processes that enables a truly secure network."
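The learn-the-baseline, alert-on-deviation, suppress-confirmed-legitimate loop Bell describes, sketched as an added example (not code from Digital Defense or any vendor in this article). Host names, services and connection counts are constructed; the per-host mean/standard-deviation baseline and the 3-sigma threshold are illustrative choices, not anything the article specifies.

```python
from collections import defaultdict
from statistics import mean, pstdev


class BaselineIDS:
    """Anomaly-based IDS sketch: learn what is normal per host, alert on
    deviations, and stop alerting on patterns an analyst has confirmed benign."""

    def __init__(self, threshold=3.0):
        self.threshold = threshold   # alert when a sample exceeds mean + threshold * stdev
        self.baseline = {}           # host -> (mean, stdev) of connections per interval
        self.legitimate = set()      # (host, service) pairs confirmed legitimate by an analyst

    def learn(self, samples):
        """samples: (host, service, connections_per_interval) from a clean training window."""
        per_host = defaultdict(list)
        for host, _service, count in samples:
            per_host[host].append(count)
        for host, counts in per_host.items():
            self.baseline[host] = (mean(counts), pstdev(counts))

    def score(self, host, count):
        """How many standard deviations a sample sits above the host's learned mean."""
        mu, sigma = self.baseline.get(host, (0.0, 0.0))
        sigma = max(sigma, 1.0)      # floor so a perfectly flat baseline still has a scale
        return (count - mu) / sigma

    def detect(self, samples):
        """Return the samples that would raise an alert, skipping confirmed-legitimate pairs."""
        alerts = []
        for host, service, count in samples:
            if (host, service) in self.legitimate:
                continue             # analyst marked this as normal: do not alert again
            unknown_host = host not in self.baseline
            if unknown_host or self.score(host, count) > self.threshold:
                alerts.append((host, service, count))
        return alerts

    def mark_legitimate(self, host, service):
        """The feedback step: a reviewed false positive becomes a suppression entry."""
        self.legitimate.add((host, service))


# Constructed data: a quiet training week, then a live interval with two spikes and a new host.
TRAINING = [("ws-12", "https", c) for c in (10, 12, 11, 9, 13)] + \
           [("db-01", "sql", c) for c in (40, 42, 38, 41, 39)]
LIVE = [("ws-12", "https", 12), ("ws-12", "smb", 90),
        ("db-01", "sql", 41), ("db-01", "backup", 120), ("new-host", "https", 5)]
```

Running `detect` on LIVE flags the smb spike, the backup spike and the unknown host; after an analyst calls `mark_legitimate("db-01", "backup")` for the nightly backup, only the other two remain, which is the false-positive tradeoff the article's sources argue is a cost rather than a reason to discard the tool.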
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.