


by Joe Terry

Plenty of Questions Left in IDS Market

Aug 28, 2002 | 5 mins
CSO and CISO, Data and Information Security

The Intrusion Detection Systems (IDS) market remains a question mark amid continued concerns regarding performance and stability. Additionally, the market continues to see some level of consolidation with the more mature antivirus market. The convergence remains primarily a product one, whereas the technologies will remain relatively separate because of the more efficient technologies of antivirus vendors. Vendors such as Symantec, which have market leading IDS and antivirus products, will look to align both solutions more closely in the next year through product integration and enterprise security management (ESM) solutions. Symantec has already begun the process with its integrated Gateway Security appliances featuring IDS, antivirus, firewall, VPN, and Internet content filtering. Symantec also acquired the CyberWolf ESM solution through its acquisition of Mountain Wave. Other examples of integrated security include products from TippingPoint Technologies and iPolicy Networks. Despite these efforts though, the real story in the next year could be from newcomers such as Securify and nCircle, which are trying to change the usual intrusion detection paradigm.

Market Review

NFR Goes Hybrid: NFR Security Inc., traditionally a leading provider of network-based intrusion detection, released a new hybrid IDS incorporating host-based intrusion detection called the Intrusion Management System (IMS). The NFR IMS implements a multi-tiered approach to intrusion detection that incorporates both network- and host-based protection, which continues to be an important industry trend. The move will help NFR compete against other vendors with hybrid IDSes, such as ISS and Enterasys.

ISS Puts the ICE in RealSecure: Industry leader Internet Security Systems released RealSecure Network Sensor 7.0, the company's first product release incorporating BlackICE technology. The new release provides improved protection through anomaly detection capabilities and improved overall throughput. Version 7.0 will help ISS continue as a leader in hybrid intrusion detection.

Secos Seeks Software Share: Secos, a Korean-backed company, entered the North American market with a portfolio of software-based security solutions, including a NIDS and enterprise security management solution. By offering close integration with Check Point and an intuitive interface, Secos has earned a solid reputation despite still remaining relatively unknown in the North American market. Because of the instability and room for improvement in the IDS market, Secos will continue to see growth opportunities through proper execution.

Near-Term Market Drivers

Correlation is Key: The near-term IDS market contenders will largely be determined by those vendors that can best correlate and visualize the huge amounts of information captured by the IDS. Proper filtering and correlation reduce false positives, which will allow improved monitoring of entire networks. Visualization and correlation tools from non-IDS vendors will continue to proliferate if IDS vendors don't improve their own reporting interfaces.

Bundle Up: Bundling solutions will become more important in the near-term. For example, Symantec and Computer Associates benefit in the marketplace by being able to market an in-house antivirus solution along with their IDS products. ISS has also recently established a partnership with Network Associates. Partnerships with open source products (for example, Snort and Nessus), as TippingPoint is doing, and with those that do not have their hand in the IDS cookie jar will be explored.

To Be Inline or Not to Be: IntruVert, TippingPoint, Vsecure, and OneSecure are all gambling that the world is ready for inline intrusion detection. While each company has its strengths, it is unlikely they will all survive for long unless enterprises line up for inline detection. It is certain, though, that inline detection will be a short-term market driver as these vendors test the waters and either float or sink.

Long-Term Market Drivers

New Techniques for Detection: Anomaly-based systems have received industry attention, but it remains to be seen whether the technology will survive in practice independent from signatures. The issue of anomaly/signature detection will continue to be an important driver in future IDS development along with inline proactive detection, host-based intrusion prevention, and more holistic security platforms (such as Securify and nCircle).

Standards Put in Place: The development of standards will continue being discussed until they're finally positioned into the IDS marketplace and begin to be implemented on a wide-scale basis. Right now, it is anybody's guess when the market will start reflecting finished standards because vendors have not yet expressed sufficient interest.

Hardware vs. Software: Currently, software IDSes still control the marketplace, but appliance IDSes are making inroads and they certainly provide some benefits. The battle will continue in the long-term until the niche for software and hardware in intrusion detection has been better determined. It is also likely that various vendors will test the waters in both markets in an attempt to eventually establish a unified IDS framework encompassing both hardware and software.

Market Outlook

The IDS market remains one ripe with opportunities for new technologies and vendors. That is not to say the market will be easy for a new vendor (in fact it is the opposite), but the current technology still has a lot of room for improvements. Vendors still continue to be dogged with the same issues: too much information, little correlation, false positives, poor bandwidth utilization, false negatives, and instability.