Intruder Alert: Looking at the numbers

In February, SearchSecurity.com surveyed 307 IT professionals from a variety of industries regarding their intrusion defense programs. Here is a look at some of the questions we asked and the answers they gave.

Don't forget to check out the rest of our series:

  • DAY 1: Ideal intrusion defense combines processes and people
  • DAY 2: To executives, intrusion defense is a hard sell
  • DAY 3: With intrusion defense vendors, one size doesn't fit all

1. Which of the following would you most like improved in your intrusion detection (IDS) or intrusion prevention system (IPS)? (Select up to three.)*
35.60% Better detection and prevention of insider threats, such as employees abusing policy and downloading proprietary information onto flash drives
32.70% Better spyware prevention, fewer false positives and the ability to separate serious attacks from network noise
30.40% Detect unknown/zero-day attacks
25.80% Decrease/prevent viruses and worms
25.20% Correlate threats to vulnerabilities
* - Top five most-popular results listed

2. Rate your satisfaction with each of the following intrusion defense products deployed in your organization:

Network firewalls:
71.57% Very satisfied
23.20% Somewhat satisfied
2.61% Not satisfied
2.61% Haven't deployed it

Antivirus/desktop:
64.38% Very satisfied
31.05% Somewhat satisfied
3.27% Not satisfied
1.31% Haven't deployed it

Antivirus/server:
60.13% Very satisfied
30.72% Somewhat satisfied
3.92% Not satisfied
5.23% Haven't deployed it

Antivirus/gateway:
51.96% Very satisfied
29.08% Somewhat satisfied
3.92% Not satisfied
15.03% Haven't deployed it

Host/application firewalls:
33.99% Very satisfied
34.97% Somewhat satisfied
3.92% Not satisfied
27.12% Haven't deployed it

Antispyware/desktop:
26.80% Very satisfied
38.89% Somewhat satisfied
14.38% Not satisfied
19.93% Haven't deployed it

Network-based IDS:
26.80% Very satisfied
40.85% Somewhat satisfied
8.82% Not satisfied
23.53% Haven't deployed it

Routers/switches with content/application filtering built in:
27.78% Very satisfied
32.03% Somewhat satisfied
4.25% Not satisfied
35.95% Haven't deployed it

Antispyware/gateway:
22.55% Very satisfied
27.45% Somewhat satisfied
11.44% Not satisfied
38.56% Haven't deployed it

Antispyware/server:
22.22% Very satisfied
29.08% Somewhat satisfied
11.44% Not satisfied
37.25% Haven't deployed it

Network-based IPS:
22.22% Very satisfied
30.72% Somewhat satisfied
6.54% Not satisfied
40.52% Haven't deployed it

Network anomaly detection systems:
19.61% Very satisfied
26.80% Somewhat satisfied
5.56% Not satisfied
48.04% Haven't deployed it

Host-based IDS:
17.97% Very satisfied
33.33% Somewhat satisfied
9.15% Not satisfied
39.54% Haven't deployed it

Host-based IPS:
16.99% Very satisfied
26.80% Somewhat satisfied
6.86% Not satisfied
49.35% Haven't deployed it

Security event/info management (SEIM/SIM):
12.42% Very satisfied
31.37% Somewhat satisfied
11.44% Not satisfied
44.77% Haven't deployed it

Unified threat management appliance:
11.11% Very satisfied
27.78% Somewhat satisfied
8.50% Not satisfied
52.61% Haven't deployed it

3. Will you be spending more, the same or less money on the following intrusion defense products this year?

Network-based IPS:
26.14% Spending more
30.07% Spending the same
3.59% Spending less
14.71% Are not spending

Security event/info management (SEIM/SIM):
23.86% Spending more
24.84% Spending the same
4.58% Spending less
19.28% Are not spending

Network-based IDS:
22.95% Spending more
39.34% Spending the same
6.56% Spending less
11.80% Are not spending

Network firewalls:
20.59% Spending more
49.35% Spending the same
7.84% Spending less
7.84% Are not spending

Routers/switches with built-in content/application filtering:
20.26% Spending more
34.97% Spending the same
4.58% Spending less
17.32% Are not spending

Host-based IPS:
18.03% Spending more
26.89% Spending the same
4.26% Spending less
24.26% Are not spending

Antispyware/desktop:
17.65% Spending more
44.77% Spending the same
6.54% Spending less
12.75% Are not spending

Unified threat management appliance:
16.99% Spending more
23.20% Spending the same
2.94% Spending less
24.18% Are not spending

Network anomaly detection systems:
16.07% Spending more
30.49% Spending the same
3.61% Spending less
17.38% Are not spending

Antispyware/gateway:
16.01% Spending more
38.56% Spending the same
4.25% Spending less
16.67% Are not spending

Antispyware/server:
15.69% Spending more
38.89% Spending the same
4.25% Spending less
16.67% Are not spending

Host-based IDS:
15.69% Spending more
30.07% Spending the same
6.21% Spending less
22.88% Are not spending

Host/application firewalls:
13.73% Spending more
38.24% Spending the same
5.88% Spending less
19.61% Are not spending

Antivirus/server:
10.78% Spending more
63.07% Spending the same
5.23% Spending less
10.13% Are not spending

Antivirus/desktop:
10.78% Spending more
66.34% Spending the same
3.92% Spending less
9.15% Are not spending

Antivirus/gateway:
9.48% Spending more
55.23% Spending the same
4.90% Spending less
16.34% Are not spending

4. Choose true or false for the following statements*:

In 2006 I'm trying to make intrusion detection/prevention a more strategic part of security management.
75.82% True
9.48% False

Freeware IDSes (e.g., Snort) are just as effective as commercial IDSes.
35.62% True
28.10% False

Freeware IDSes (e.g., Snort) have the same level of features and functions as commercial IDSes.
24.51% True
41.50% False

My company will buy a new IDS/IPS in 2006.
19.93% True
34.97% False

My company will upgrade (from the same vendor) an existing IDS/IPS in 2006.
24.18% True
38.56% False

My company will renew an existing IDS/IPS license at an existing level in 2006.
35.29% True
30.39% False

My company will replace my existing IDS/IPS with a new system from a different vendor in 2006.
10.46% True
50.33% False

My company will not renew an existing license, and we have no plans to replace it.
11.76% True
58.50% False

My company has not purchased IDS/IPS in the past and won't do so in 2006.
11.44% True
65.03% False

Intrusion detection/prevention is best done at the network level.
51.31% True
24.84% False

IDSes/IPSes will be obsolete in five years as the function becomes embedded in the network/applications.
24.26% True
37.70% False

I consider Security Information/Event Management (SIM/SEIM) an important part of my company's total approach to intrusion defense.
72.55% True
8.50% False

I consider vulnerability management an important part of my company's total approach to intrusion defense.
85.62% True
3.59% False

* - In cases where respondents declined to answer, totals do not equal 100%.

5. Which of the following reasons would prompt you to drop your current IDS/IPS vendor and buy from a different one? (Select up to three.)*
45.40% A different vendor's product is better at detecting/preventing attacks.
35.60% A different vendor's product is easier to install/administer/manage.
33.00% A different vendor's product offers a wider array of security functions and features.
32.70% A different vendor's product integrates into our infrastructure better than the current one.
25.20% A different vendor's system is cheaper and offers the same level of security.
* - Top five most-popular results listed

6. Which of the following vendors' intrusion detection/prevention products do you use? (Check all that apply.)*
42.50% Cisco
34.00% Symantec
30.10% Snort/other freeware
25.50% McAfee
25.50% Microsoft
19.90% CheckPoint/Sourcefire
* - Top five most-popular results listed

7. Who is your primary intrusion detection/prevention (IDS/IPS) vendor?
20.30% Cisco
14.70% Symantec
12.10% Snort/other freeware
10.50% None
7.80% Other

8. What was the main reason you chose the vendor selected above?
20.90% Fit into infrastructure
19.00% Superior security functionality
16.30% Product was already installed
14.10% Cost
12.70% Other

9. Rate the following non-technical obstacles based on the impact they have on your company's ability to defend against intruders:

Budget constraints:
28.34% It's a significant problem
42.35% It's a problem
21.50% It's not a problem

Lack of upper management support:
19.22% It's a significant problem
30.94% It's a problem
37.13% It's not a problem

Employee training:
18.24% It's a significant problem
37.46% It's a problem
33.88% It's not a problem

Incomplete product sets/technology:
12.70% It's a significant problem
43.97% It's a problem
25.73% It's not a problem

Lack of vendor support:
12.05% It's a significant problem
29.32% It's a problem
41.37% It's not a problem

Vendor confusion/ambiguity:
9.77% It's a significant problem
29.32% It's a problem
41.37% It's not a problem

10. Rate the following technical obstacles based on the impact they have on your company's ability to defend against intruders:

Managing logs:
21.50% It's a significant problem
38.11% It's a problem
28.66% It's not a problem

Separating legitimate traffic from malicious traffic without false positives/negatives:
17.26% It's a significant problem
52.77% It's a problem
17.26% It's not a problem

Tuning intrusion detection/prevention systems for your environment:
16.94% It's a significant problem
39.41% It's a problem
28.34% It's not a problem

Turning on application-layer scanning without hurting traffic throughput:
16.94% It's a significant problem
39.09% It's a problem
21.82% It's not a problem

Integrating multiple vendors' intrusion defense products:
14.33% It's a significant problem
36.81% It's a problem
30.62% It's not a problem

Creating useful reports for management/business intelligence:
13.68% It's a significant problem
42.35% It's a problem
28.34% It's not a problem

Defining spyware/adware:
11.76% It's a significant problem
44.77% It's a problem
31.05% It's not a problem

Prioritizing threat response:
10.46% It's a significant problem
44.77% It's a problem
30.72% It's not a problem

Using system outputs to see the big picture of total network security posture:
10.42% It's a significant problem
40.07% It's a problem
28.66% It's not a problem

Setting a baseline for "normal" network behavior:
9.12% It's a significant problem
47.56% It's a problem
28.34% It's not a problem

The reactive nature of signature-based AV, antispyware and IDS:
7.49% It's a significant problem
45.28% It's a problem
34.85% It's not a problem

Pushing signature updates to the desktop:
2.28% It's a significant problem
21.50% It's a problem
65.47% It's not a problem

    This article originally appeared on SearchSecurity.com.