Prevention vendors try to shed bad rap
- By Brian Robinson
- Mar 09, 2003
Interestingly, many companies that provide intrusion-prevention products try hard not to use the term when describing what those products do, because many users have had bad experiences with traditional intrusion-detection systems and the seemingly intractable problems of false positives and huge logs that overwhelm administrators.
Those problems can be greatly reduced by keeping intrusion-detection systems properly configured, but the systems are notoriously finicky and require constant attention to keep them tuned. That, and the amount of time needed to analyze the huge activity logs, have caused resource-constrained organizations to all but give up on the technology as a major element of security.
Intrusion prevention was initially seen as a natural progression from the largely passive detection and analysis function of intrusion-detection systems to a more proactive capability. However, many in the intrusion-prevention business actively seek to separate the two.
"The use of the [intrusion-prevention moniker] has definitely slowed the market," said John McHale, chairman and chief executive officer of TippingPoint Technologies Inc. "For us there's nothing remotely similar between the [prevention and detection] technologies."
Brian Robinson is a freelance writer based in Portland, Ore.