Gartner Information Security Hype Cycle Declares Intrusion Detection Systems a Market Failure
Money Slated for Intrusion Detection Should Be Invested in Firewalls
STAMFORD, CONN., June 11, 2003 — Protecting enterprises from hackers, viruses and other security vulnerabilities is a primary concern for all IS departments, and many have relied on intrusion detection systems (IDSs) as a solution. However, according to the Gartner, Inc. (NYSE: IT and ITB) Information Security Hype Cycle, IDSs have failed to provide value relative to its costs and will be obsolete by 2005.
The Gartner Information Security Hype Cycle shows that IDS technology does not add an additional layer of security as promised by vendors. In many cases IDS implementation has proven to be costly and an ineffective investment.
Gartner recommends that enterprises redirect the money they would have spent on IDS toward defense applications such as those offered by thought-leading firewall vendors that offer both network-level and application-level firewall capabilities in an integrated product.
"Intrusion detection systems are a market failure, and vendors are now hyping intrusion prevention systems, which have also stalled," said Richard Stiennon, research vice president for Gartner. "Functionality is moving into firewalls, which will perform deep packet inspection for content and malicious traffic blocking, as well as antivirus activities."
According to the Gartner Information Security Hype Cycle research, some of the problems associated with IDSs are:
False positives and negatives
An increased burden on the IS organization by requiring full-time monitoring (24 hours a day, seven days a week, 365 days a year)
A taxing incident-response process
An inability to monitor traffic at transmission rates greater than 600 megabits per second
"Firewalls are the most-effective defense against cyberintruders on the network, and they are becoming increasingly better at blocking network-based attacks," said Stiennon. "To be considered as a challenger, visionary or leader, a vendor must have both network-level and application-level firewall capabilities in an integrated product. Vendors that have only one or the other will be niche players."
Gartner has analyzed the maturity of more than 500 technologies and has released the findings in a series of interactive Hype Cycles. Each Hype Cycle document focuses on a particular segment and can include more than 15 related technologies. The interactive format of the Hype Cycles enables users to dig deeper into particular technologies of interest by clicking through the Hype Cycle documents to related Gartner research on the individual technology.
The Gartner Information Security Hype Cycle is one of 18 Hype Cycles recently launched by Gartner. The Information Security Hype Cycle analyzes 20 different technologies within the information security market, including IDSs, deep packet inspection firewalls, security platforms, Wi-Fi protected access security, Web services security standards, identity and access management, public-key infrastructure and Secure Sockets Layer.
About Gartner:
Gartner, Inc. is the leading provider of
research and analysis on the global information technology industry. Gartner serves more
than 10,000 clients, including chief information officers and other senior IT executives
in corporations and government agencies, as well as technology companies and the
investment community. The Company focuses on delivering objective, in-depth analysis
and actionable advice to enable clients to make more informed business and technology
decisions. The Company's businesses consist of Gartner Intelligence, research and
events for IT professionals; Gartner Executive Programs, membership programs and peer
networking services; and Gartner Consulting, customized engagements with a specific
emphasis on outsourcing and IT management. Founded in 1979, Gartner is headquartered in
Stamford, Connecticut, and has 3,700 associates, including more than 1,000 research
analysts and consultants, in more than 75 locations worldwide. For more information,
visit www.gartner.com.
