It has been eight years since a well-known technology research company declared intrusion detection/prevention systems (IDS/IPS), those sentinels at the edge of the network that scream out alerts every time they think they see bad traffic masquerading as allowed flow through the firewall, a market failure. Scoring 10th (IPS) and 16th (IDS) on the Heat Index (a relative measure of user demand) in the Wave 14 Security Study, and sitting at a healthy 70% implemented in enterprise environments, IDS is a technology whose death has been greatly exaggerated.
Originally published as a ThursdayTIP to the respondent network of TheInfoPro.
Intrusion detection systems stand at 70% in use with 15% of respondents reporting implementations in their plans. Intrusion prevention systems are at 60% implemented, with 13% stating that implementations are in their plans. Spending holds steady, with 71% maintaining their spending level and 17% anticipating a greater level of 2011 spending. The sweet spot in pricing and implementation falls under $100,000, with 30% spending between $100,000 and $500,000 on their implementations.
Two of the problems identified nearly a decade ago, cost and throughput, continue to be issues according to user narratives:
- “IDS/IPS in-line – the price point to have a certain level of performance is very high.”
- “Opex this year as we move from NIPS to NIDS – it’s a bandwidth issue. We’re increasing bandwidth pipes, and IPS is less effective and creates problems. Moving to IDS and go on alerts vs. blocking.”
The original postulate that many of the functions of the IDS would be subsumed into other edge equipment, including the firewall, also still holds water for some IT managers:
- “I’m not spending anything directly on IPS/IDS – it’s in the firewall.”
And a number of firms have moved to managed services offerings:
- “We have a package deal with IBM for security – vulnerability management, NIDS/NIPS, etc. – and that’s about $3 million a year.”
All that said, the product vertical is still going strong in enterprises, with winners and losers being enumerated as we continue to study the results of the Wave 14 Security Study:
- “Since TippingPoint was acquired by 3Com, then HP, there have been some support issues.”
- “I like the Sourcefire IDS.”
- “I really like Sourcefire! They have an event classification within an IDS product. Compared to their competitors, they use open source rules. TippingPoint or Cisco, you can’t do that. Sourcefire has a great management console as well. I can’t think of any weakness since they fixed the backup issues.”