Yesterday Gartner released an attention grabbing release that declared in the headline "Intrusion Detection Systems a Market Failure: Money Slated for Intrusion Detection Should Be Invested in Firewalls". The release goes on to say that the market will be obsolete by 2005.
Now there's a bold statement, it comes from the Gartner "Hype Circle", but could be ID'd as hype in and of itself. What's most interesting to me is that they declare IDS a market failure. Not a technical failure, nor one that doesn't deliver some business value, but a marketing one.
One of the reasons for the failure? "An increased burden on the IS organization by requiring full-time monitoring (24 hours a day, seven days a week, 365 days a year)." Ummm, hold on folks, is Gartner saying that a technology shouldn't be monitoring the network 24/7/365?
There's no question that end-users have been disappointed in the hype v. reality of IDS. False positives, inability to monitor traffic in high throughput situations, and signature latency issues have plagued the space. But while the market may be shifting, the basic technology of looking for intrusions on the network, host, and applications, is still valid.
Whether it will persist as stand alone offering, or continue to be embedded in operating systems, switches, routers, and firewalls is another matter. But to declare the entire market obsolete is more hype than responsible analysis.
Posted by Diana at June 12, 2003 09:11 AM