Conventional wisdom once had it that intrusion prevention systems
(IPS) would eliminate the need for intrusion detection systems
(IDS). But with threats getting worse by the day and IT pros needing
every weapon they can find, IDS is alive and well.
"IPS threatened to hurt the IDS market but IDS is better
equipped to inspect malware," said Chris Liebert, a security
analyst with Yankee Group. "IPS specializes in blocking, so each
still have their own uses, and that's why IDS is still around."
IDS is now part of a larger intrusion defense arsenal that includes
vulnerability management and access control technology. IT pros
realize they simply can't win the cyber wars with one product
alone.
As they grow dependent on more tools, industry experts say IT
pros want security vendors to develop management systems that allow
them to pull data from various security devices into one place
where they can assemble the big picture and mount a quicker, more
effective defense. As part of the bargain, they also want more
automation.
But technology can't fix everything. IT pros must confront
cultural obstacles. These include insiders whose computing habits
put sensitive data at risk and allow malware through the gates, and
the reluctance of upper management to invest in new security
initiatives.
Like many IT pros, Dave Bixler worries a lot about employees
whose bad habits make it easier for the bad guys to penetrate the
network. Some employees load sensitive files onto USB keys and then
lose them, said Bixler, CISO for Siemens Business Services Inc.
"You can go to any meeting and people toss these USB keys
around, and I'm sure some people leave them in their hotel rooms or
airplane seats with the data on them," he said. "I worry about
where my data goes and how to keep it from going where I don't want
it to go."
Laptop-wielding employees are also a potential problem. Stolen
or misplaced laptops have passwords that can be unlocked within
minutes using any number of online tools, he said.
Upper management can also be a barrier to an adequate intrusion
defense because they don't always understand why it's necessary to
invest in a new security tool. Of 307 IT pros who took a
SearchSecurity.com survey on intrusion defense last year, 50% cited
a lack of upper management support as a problem, while 71% said
cash constraints are a problem.
Before becoming VP of IT at Wild Oats Markets Inc., Jon Payne
worked for global giants such as Qwest Communications International
Inc., Sprint Corp., PepsiCo Inc., and General Mills Inc. He's
learned it's easier to get support from executives in larger
companies.
"Bigger companies have already been burned and are more serious
about security measures," Payne said. "Midmarket companies simply
aren't as aware of their risks and security needs from the get-go.
My job is to educate upper management on what the risks are and why
we need to make certain changes and investments."
Payne and other IT professionals have found that top brass can
be won over by explaining how certain investments and policies
could boost regulatory compliance efforts and prevent a
headline-grabbing security breach.
As IT pros adopt more security tools to deal with growing
threats, they are looking to vendors for more automation and
quicker analysis, said Max Caceres, director of product management
for Core Security Technologies.
"Customers want as much automation as possible and the ability
to produce general reports," he said. Core Security's specialty is
penetration testing, and the company has worked to inject more
speed and ease into its products. "People see the value of
efficient and thorough testing, but they're looking for ways to
make it easier."
Liebert says the need for speed is driven by a threat landscape
that's shifted from worm attacks to below-the-radar threats like
botnets. "IT administrators really want the tools to help them
identify the source of an alert so they can respond more quickly,"
she said.