A month ago, a Gartner research report declared that intrusion detection systems were a market failure. The report and a graph depicting Gartner's Information Security Hype Cycle indicated that intrusion detection system (IDS) technology had gone beyond the peak of inflated expectations and was rapidly sliding toward the trough of disillusionment. While, according to Gartner's Hype Cycles, some technologies emerge from that dread trough and climb respectably to a plateau of usefulness, Gartner had no such hope for IDS. It said the products have failed to provide value relative to costs and will be obsolete by 2005. That made IDS vendors cross. People who've spent a lot of money with them weren't very psyched about this report, either.

Vendors and spenders alike accept some of the criticisms that Gartner lobs at the young technology, such as its high demands on networks and IT staff, its high requirement for maintenance and its high rate of false positives (one IDS user told Computerworld that his company's IDS generated more than 600 alerts daily). But they've called the report's prediction for IDS to completely fizzle short-sighted and emotional and alarmist. The products are evolving and improving, they say.

Intrusion detection systems typically work within a network's firewall to identify and record attempts to break into or misuse the system by sniffing packets off a switch port. They alert administrators to what they find but can't drop anything out of the flow of traffic. Another technology often mentioned in the same breath as IDS is intrusion prevention systems (IPS), which are seen to combine the detection function of IDS but, being deployed differently, can respond more directly to perceived intrusion.
The Gartner report, however, suggests that IPS is just following IDS along the hype trail to oblivion and that instead, functionality is moving into firewalls, which will perform deep packet inspection for content and malicious traffic blocking, as well as antivirus activities.

IDS vendors say no prevention system, be it IPS or advanced firewalls, is going to stop every attack. Therefore IDS is needed for monitoring and audit functions, in order to analyze a system's weaknesses and adapt prevention policies accordingly. Does that ring true to you, or is it wishful thinking from those invested in the hype? Is it time to cut bait and try something else, or is Gartner looking for its own hype?