Prevention vendors try to shed bad rap

Interestingly, many companies that provide intrusion-prevention products try hard not to use the term when describing what those products do, because many users have had bad experiences with traditional intrusion-detection systems and the seemingly intractable problems of false positives and huge logs that overwhelm administrators.

Those problems can be greatly reduced by keeping intrusion-detection systems properly configured, but the systems are notoriously finicky and require constant attention to keep them tuned. That, and the amount of time needed to analyze the huge activity logs, have caused resource-constrained

organizations to all but give up on the technology as a major element of security.

Intrusion prevention was initially seen as a natural progression from the largely passive detection and analysis function of intrusion-detection systems to a more proactive capability. However, many in the intrusion-prevention business actively seek to separate the two.

"The use of the [intrusion-prevention moniker] has definitely slowed the market," said John McHale, chairman and chief executive officer of TippingPoint Technologies Inc. "For us there's nothing remotely similar between the [prevention and detection] technologies."

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.


  • Defense
    concept image of radio communication (DARPA)

    What to look for in DOD's coming spectrum strategy

    Interoperability, integration and JADC2 are likely to figure into an updated electromagnetic spectrum strategy expected soon from the Department of Defense.

  • FCW Perspectives
    data funnel (anttoniart/

    Real-world data management

    The pandemic has put new demands on data teams, but old obstacles are still hindering agency efforts.

Stay Connected