Gartner Research

Network Intrusion Detection and Response

Published: 05 December 2007

ID: G00203440

Analyst(s): Daniel Blum

Summary

An important part of an organization's security architecture, network intrusion detection and response systems (NIDRS) involve a complex set of choices. Enterprise security teams must determine how to select solutions, decide on appropriate detection and response techniques, and grapple with issues surrounding automated response. In this revised Security and Risk Management Strategies technical position, Analyst Pete Lindstrom augments Trent Henry's guidance for creating a NIDRS architecture.

Table Of Contents

Decision Point

Typical Requirements

  • Identifying Attacks
  • Detecting Violations of Policy
  • Verifying Protection
  • Auditing Network Operations
  • NIDRS as Part of the Security Architecture
  • Wireless Networks

Alternatives

  • Detection Techniques
  • Location of Sensors
  • Types of Sensors
  • Topology
  • Where to Make Response Decisions
  • Types of Responses
  • Automated Response
  • Wireless Response
  • Using Deception Technologies

Future Developments

  • Multi-Function Perimeter Security Devices
  • Network Access Control
  • Pushing Attacks Upstream
  • Deception Technologies
  • Public Access/Outsourced Networks

Evaluation Criteria

Statement & Basis for Position

  • Intrusion Detection Position
    • Types of Detection Techniques Position
    • Sensor Placement Position
    • Honeypots Position
  • Feedback and Control Position
    • Zone Sensor/Actuator Topology Position
    • Subzone Sensor/Actuator Topology Position
    • Policy Monitoring Position
    • Policy Decision Point Position
  • Intrusion Response Position
    • Prioritizing Responses Position
    • Automated Response Position
    • Policy Enforcement Point Position
    • Deception Position

Relationship to Other Components

Revision History

Notes

©2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
