Intrusion detection systems are alive and kicking

IPS hasn't overtaken intrusion detection systems just yet. Senior News Writer Bill Brenner reveals what customers want when they're shopping for IDS products.

Conventional wisdom once had it that intrusion prevention systems (IPS) would eliminate the need for intrusion detection systems (IDS). But with threats getting worse by the day and IT pros needing every weapon they can find, IDS is alive and well.

"IPS threatened to hurt the IDS market, but IDS is better equipped to inspect malware," said Chris Liebert, a security analyst with Yankee Group. "IPS specializes in blocking, so each still has its own uses, and that's why IDS is still around."

IDS is now part of a larger intrusion defense arsenal that includes vulnerability management and access control technology. IT pros realize they simply can't win the cyber wars with one product alone.

As they grow dependent on more tools, industry experts say IT pros want security vendors to develop management systems that allow them to pull data from various security devices into one place where they can assemble the big picture and mount a quicker, more effective defense. As part of the bargain, they also want more automation.

But technology can't fix everything. IT pros must confront cultural obstacles. These include insiders whose computing habits put sensitive data at risk and allow malware through the gates, and the reluctance of upper management to invest in new security initiatives.

Like many IT pros, Dave Bixler worries a lot about employees whose bad habits make it easier for the bad guys to penetrate the network. Some employees load sensitive files onto USB keys and then lose them, said Bixler, CISO for Siemens Business Services Inc.

"You can go to any meeting and people toss these USB keys around, and I'm sure some people leave them in their hotel rooms or airplane seats with the data on them," he said. "I worry about where my data goes and how to keep it from going where I don't want it to go."

Laptop-wielding employees are also a potential problem. The passwords protecting stolen or misplaced laptops can be unlocked within minutes using any number of online tools, he said.

Upper management can also be a barrier to an adequate intrusion defense because they don't always understand why it's necessary to invest in a new security tool. Of 307 IT pros who took a SearchSecurity.com survey on intrusion defense last year, 50% cited a lack of upper management support as a problem, while 71% said cash constraints are a problem.

Before becoming VP of IT at Wild Oats Markets Inc., Jon Payne worked for global giants such as Qwest Communications International Inc., Sprint Corp., PepsiCo Inc., and General Mills Inc. He's learned it's easier to get support from executives in larger companies.

"Bigger companies have already been burned and are more serious about security measures," Payne said. "Midmarket companies simply aren't as aware of their risks and security needs from the get-go. My job is to educate upper management on what the risks are and why we need to make certain changes and investments."

Payne and other IT professionals have found that top brass can be won over by explaining how certain investments and policies could boost regulatory compliance efforts and prevent a headline-grabbing security breach.

As IT pros adopt more security tools to deal with growing threats, they are looking to vendors for more automation and quicker analysis, said Max Caceres, director of product management for Core Security Technologies.

"Customers want as much automation as possible and the ability to produce general reports," he said. Core Security's specialty is penetration testing, and the company has worked to inject more speed and ease into its products. "People see the value of efficient and thorough testing, but they're looking for ways to make it easier."

Liebert said the need for speed is driven by a threat landscape that has shifted from worm attacks to below-the-radar threats like botnets. "IT administrators really want the tools to help them identify the source of an alert so they can respond more quickly," she said.

<< Return to our special coverage of RSA Conference 2007