Intruder Alert: Looking at the numbers

SearchSecurity.com Staff

In February, SearchSecurity.com surveyed 307 IT professionals from a variety of industries regarding their intrusion defense programs. Here is a look at some of the questions we asked and the answers they gave.

Don't forget to check out the rest of our series:

  • DAY 1: Ideal intrusion defense combines processes and people
  • DAY 2: To executives, intrusion defense is a hard sell
  • DAY 3: With intrusion defense vendors, one size doesn't fit all

                           
                           
          1. Which of the following would you most like improved in your intrusion detection (IDS) or intrusion prevention system (IPS)? (Select up to three.)*    
          35.60% Better detection and prevention of insider threats, such as employees abusing policy and downloading proprietary information onto flash drives    
          32.70% Better spyware prevention, fewer false positives and the ability to separate serious attacks from network noise    
          30.40% Detect unknown/zero-day attacks        
          25.80% Decrease/prevent viruses and worms    
          25.20% Correlate threats to vulnerabilities        
          * - Top five most-popular results listed    
                           
          2. Rate your satisfaction with each of the following intrusion defense products deployed in your organization:    
          Network firewalls:    
          71.57% Very satisfied            
          23.20% Somewhat satisfied    
          2.61% Not satisfied            
          2.61% Haven't deployed it    
             
          Antivirus/desktop:    
          64.38% Very satisfied            
          31.05% Somewhat satisfied    
          3.27% Not satisfied            
          1.31% Haven't deployed it    
             
          Antivirus/server:    
          60.13% Very satisfied            
          30.72% Somewhat satisfied    
          3.92% Not satisfied            
          5.23% Haven't deployed it    
             
          Antivirus/gateway:    
          51.96% Very satisfied            
          29.08% Somewhat satisfied    
          3.92% Not satisfied            
          15.03% Haven't deployed it    
             
          Host/application firewalls:    
          33.99% Very satisfied            
          34.97% Somewhat satisfied    
          3.92% Not satisfied            
          27.12% Haven't deployed it    
             
          Antispyware/desktop:    
          26.80% Very satisfied            
          38.89% Somewhat satisfied    
          14.38% Not satisfied            
          19.93% Haven't deployed it    
             
          Network-based IDS:    
          26.80% Very satisfied            
          40.85% Somewhat satisfied    
          8.82% Not satisfied            
          23.53% Haven't deployed it    
             
          Routers/switches with content/application filtering built in:    
          27.78% Very satisfied            
          32.03% Somewhat satisfied    
          4.25% Not satisfied            
          35.95% Haven't deployed it    
             
          Antispyware/gateway:    
          22.55% Very satisfied            
          27.45% Somewhat satisfied    
          11.44% Not satisfied            
          38.56% Haven't deployed it    
             
          Antispyware/server:    
          22.22% Very satisfied            
          29.08% Somewhat satisfied    
          11.44% Not satisfied            
          37.25% Haven't deployed it    
             
          Network-based IPS:    
          22.22% Very satisfied            
          30.72% Somewhat satisfied    
          6.54% Not satisfied            
          40.52% Haven't deployed it    
             
          Network anomaly detection systems:    
          19.61% Very satisfied            
          26.80% Somewhat satisfied    
          5.56% Not satisfied            
          48.04% Haven't deployed it    
             
          Host-based IDS:    
          17.97% Very satisfied            
          33.33% Somewhat satisfied    
          9.15% Not satisfied            
          39.54% Haven't deployed it    
             
          Host-based IPS:    
          16.99% Very satisfied            
          26.80% Somewhat satisfied    
          6.86% Not satisfied            
          49.35% Haven't deployed it    
             
          Security event/info management (SEIM/SIM):    
          12.42% Very satisfied            
          31.37% Somewhat satisfied    
          11.44% Not satisfied            
          44.77% Haven't deployed it    
             
          Unified threat management appliance:    
          11.11% Very satisfied            
          27.78% Somewhat satisfied    
          8.50% Not satisfied            
          52.61% Haven't deployed it    
                           
          3. Will you be spending more, the same or less money on the following intrusion defense products this year?    
          Network-based IPS:
          26.14% Spending more            
          30.07% Spending the same    
          3.59% Spending less            
          14.71% Are not spending    
             
          Security event/info management (SEIM/SIM):    
          23.86% Spending more            
          24.84% Spending the same    
          4.58% Spending less            
          19.28% Are not spending    
             
          Network-based IDS:    
          22.95% Spending more            
          39.34% Spending the same    
          6.56% Spending less            
          11.80% Are not spending    
             
          Network firewalls:    
          20.59% Spending more            
          49.35% Spending the same    
          7.84% Spending less            
          7.84% Are not spending    
             
          Routers/switches with built-in content/application filtering:    
          20.26% Spending more            
          34.97% Spending the same    
          4.58% Spending less            
          17.32% Are not spending    
             
          Host-based IPS:    
          18.03% Spending more            
          26.89% Spending the same    
          4.26% Spending less            
          24.26% Are not spending    
             
          Antispyware/desktop:    
          17.65% Spending more            
          44.77% Spending the same    
          6.54% Spending less            
          12.75% Are not spending    
             
          Unified threat management appliance:    
          16.99% Spending more            
          23.20% Spending the same    
          2.94% Spending less            
          24.18% Are not spending    
             
          Network anomaly detection systems:
          16.07% Spending more            
          30.49% Spending the same    
          3.61% Spending less            
          17.38% Are not spending    
             
          Antispyware/gateway:    
          16.01% Spending more            
          38.56% Spending the same    
          4.25% Spending less            
          16.67% Are not spending    
             
          Antispyware/server:    
          15.69% Spending more            
          38.89% Spending the same    
          4.25% Spending less            
          16.67% Are not spending    
             
          Host-based IDS:    
          15.69% Spending more            
          30.07% Spending the same    
          6.21% Spending less            
          22.88% Are not spending    
             
          Host/application firewalls:    
          13.73% Spending more            
          38.24% Spending the same    
          5.88% Spending less            
          19.61% Are not spending    
             
          Antivirus/server:    
          10.78% Spending more            
          63.07% Spending the same    
          5.23% Spending less            
          10.13% Are not spending    
             
          Antivirus/desktop:    
          10.78% Spending more            
          66.34% Spending the same    
          3.92% Spending less            
          9.15% Are not spending    
             
          Antivirus/gateway:    
          9.48% Spending more            
          55.23% Spending the same    
          4.90% Spending less            
          16.34% Are not spending    
                           
          4. Choose true or false for the following statements*:    
          In 2006 I'm trying to make intrusion detection/prevention a more strategic part of security management.    
          75.82% True    
          9.48% False              
             
          Freeware IDSes (e.g., Snort) are just as effective as commercial IDSes.    
          35.62% True    
          28.10% False              
             
          Freeware IDSes (e.g., Snort) have the same level of features and functions as commercial IDSes.    
          24.51% True    
          41.50% False              
             
          My company will buy a new IDS/IPS in 2006.    
          19.93% True    
          34.97% False              
             
          My company will upgrade (from the same vendor) an existing IDS/IPS in 2006.    
          24.18% True    
          38.56% False              
             
          My company will renew an existing IDS/IPS license at an existing level in 2006.    
          35.29% True    
          30.39% False              
             
          My company will replace my existing IDS/IPS with a new system from a different vendor in 2006.    
          10.46% True    
          50.33% False              
             
          My company will not renew an existing license, and we have no plans to replace it.    
          11.76% True    
          58.50% False              
             
          My company has not purchased IDS/IPS in the past and won't do so in 2006.    
          11.44% True    
          65.03% False              
             
          Intrusion detection/prevention is best done at the network level.    
          51.31% True    
          24.84% False              
             
          IDSes/IPSes will be obsolete in five years as the function becomes embedded in the network/applications.    
          24.26% True    
          37.70% False              
             
          I consider Security Information/Event Management (SIM/SEIM) an important part of my company's total approach to intrusion defense.    
          72.55% True    
          8.50% False              
             
          I consider vulnerability management an important part of my company's total approach to intrusion defense.    
          85.62% True    
          3.59% False              
          * - In cases where respondents declined to answer, totals do not equal 100%.    
                           
          5. Which of the following reasons would prompt you to drop your current IDS/IPS vendor and buy from a different one? (Select up to three.)*    
          45.40% A different vendor's product is better at detecting/preventing attacks.    
          35.60% A different vendor's product is easier to install/administer/manage.    
          33.00% A different vendor's product offers a wider array of security functions and features.    
          32.70% A different vendor's product integrates into our infrastructure better than the current one.    
          25.20% A different vendor's system is cheaper and offers the same level of security.    
          * - Top five most-popular results listed    
                           
          6. Which of the following vendors' intrusion detection/prevention products do you use? (Check all that apply.)*    
          42.50% Cisco    
          34.00% Symantec    
          30.10% Snort/other freeware    
          25.50% McAfee    
          25.50% Microsoft    
          19.90% CheckPoint/Sourcefire    
          * - Top five most-popular results listed    
                           
          7. Who is your primary intrusion detection/prevention (IDS/IPS) vendor?    
          20.30% Cisco    
          14.70% Symantec    
          12.10% Snort/other freeware    
          10.50% None    
          7.80% Other    
                           
          8. What was the main reason you chose the vendor selected above?    
          20.90% Fit into infrastructure    
          19.00% Superior security functionality    
          16.30% Product was already installed    
          14.10% Cost    
          12.70% Other    
                           
          9. Rate the following non-technical obstacles based on the impact they have on your company's ability to defend against intruders:    
          Budget constraints:    
          28.34% It's a significant problem          
          42.35% It's a problem    
          21.50% It's not a problem            
             
          Lack of upper management support:    
          19.22% It's a significant problem          
          30.94% It's a problem    
          37.13% It's not a problem            
             
          Employee training:    
          18.24% It's a significant problem          
          37.46% It's a problem    
          33.88% It's not a problem            
             
          Incomplete product sets/technology:    
          12.70% It's a significant problem          
          43.97% It's a problem    
          25.73% It's not a problem            
             
          Lack of vendor support:    
          12.05% It's a significant problem          
          29.32% It's a problem    
          41.37% It's not a problem            
             
          Vendor confusion/ambiguity:    
          9.77% It's a significant problem          
          29.32% It's a problem    
          41.37% It's not a problem            
                           
          10. Rate the following technical obstacles based on the impact they have on your company's ability to defend against intruders:    
          Managing logs:    
          21.50% It's a significant problem          
          38.11% It's a problem    
          28.66% It's not a problem            
             
          Separating legitimate traffic from malicious traffic without false positives/negatives:    
          17.26% It's a significant problem          
          52.77% It's a problem    
          17.26% It's not a problem            
             
          Tuning intrusion detection/prevention systems for your environment:    
          16.94% It's a significant problem          
          39.41% It's a problem    
          28.34% It's not a problem            
             
          Turning on application-layer scanning without hurting traffic throughput:    
          16.94% It's a significant problem          
          39.09% It's a problem    
          21.82% It's not a problem            
             
          Integrating multiple vendors' intrusion defense products:    
          14.33% It's a significant problem          
          36.81% It's a problem    
          30.62% It's not a problem            
             
          Creating useful reports for management/business intelligence:    
          13.68% It's a significant problem          
          42.35% It's a problem    
          28.34% It's not a problem            
             
          Defining spyware/adware:    
          11.76% It's a significant problem          
          44.77% It's a problem    
          31.05% It's not a problem            
             
          Prioritizing threat response:    
          10.46% It's a significant problem          
          44.77% It's a problem    
          30.72% It's not a problem            
             
          Using system outputs to see the big picture of total network security posture:    
          10.42% It's a significant problem          
          40.07% It's a problem    
          28.66% It's not a problem            
             
          Setting a baseline for "normal" network behavior:    
          9.12% It's a significant problem          
          47.56% It's a problem    
          28.34% It's not a problem            
             
          The reactive nature of signature-based AV, antispyware and IDS:    
          7.49% It's a significant problem          
          45.28% It's a problem    
          34.85% It's not a problem            
             
          Pushing signature updates to the desktop:    
          2.28% It's a significant problem          
          21.50% It's a problem    
          65.47% It's not a problem            
                           
                           

      This article originally appeared on SearchSecurity.com.

