Prevention vendors try to shed bad rap

Interestingly, many companies that provide intrusion-prevention products try hard not to use the term when describing what those products do, because many users have had bad experiences with traditional intrusion-detection systems and the seemingly intractable problems of false positives and huge logs that overwhelm administrators.

Those problems can be greatly reduced by keeping intrusion-detection systems properly configured, but the systems are notoriously finicky and require constant attention to keep them tuned. That, and the amount of time needed to analyze the huge activity logs, have caused resource-constrained

organizations to all but give up on the technology as a major element of security.

Intrusion prevention was initially seen as a natural progression from the largely passive detection and analysis function of intrusion-detection systems to a more proactive capability. However, many in the intrusion-prevention business actively seek to separate the two.

"The use of the [intrusion-prevention moniker] has definitely slowed the market," said John McHale, chairman and chief executive officer of TippingPoint Technologies Inc. "For us there's nothing remotely similar between the [prevention and detection] technologies."

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.