Back in 2003 Gartner announced that Intrusion Detection Systems were a costly failure and would be obsolete by 2005. They saw problems with false positives, false negatives, bandwidth limitations and the growing resources needed to carry out monitoring and incident response. Better to invest in firewalls they said.
Yet five years later IDS is alive and well. And it’s Intrusion Prevention Systems that are failing to penetrate the market. False positives continue to be a problem for network-level systems. So nine out of ten security managers still prefer to monitor rather than block. It might be resource-consuming but the risk of blocking an important business transaction is too great for most companies.
But the future is brighter. Security is always more intelligent and effective when applied at the application and data level. New products such as the impressive intelligent database activity monitoring technology from Secerno are much more reliable. In fact Paul Davie, Secerno founder and COO, tells me that their clients have never experienced a single false positive or false negative. It's because of the more precise nature of their algorithms.
So the future is blocking, not monitoring. And the smart approach is to focus your security efforts at the application level, not the infrastructure level.