Article

Intruder Alert: Looking at the numbers

SearchSecurity.com Staff

In February, SearchSecurity.com surveyed 307 IT professionals from a variety of industries regarding their intrusion defense programs. Here is a look at some of the questions we asked and the answers they gave.

Don't forget to check out the rest of our series:

DAY 1: Ideal intrusion defense combines processes and people

DAY 2: To executives, intrusion defense is a hard sell

DAY 3: With intrusion defense vendors, one size doesn't fit all



		1. Which of the following would you most like improved in your intrusion detection (IDS) or intrusion prevention system (IPS)? (Select up to three.)*
		35.60%	Better detection and prevention of insider threats, such as employees abusing policy and downloading proprietary information onto flash drives
		32.70%	Better spyware prevention, fewer false positives and the ability to separate serious attacks from network noise
		30.40%	Detect unknown/zero-day attacks
		25.80%	Decrease/prevent viruses and worms
		25.20%	Correlate threats to vulnerabilities
		* - Top five most-popular results listed

		2. Rate your satisfaction with each of the following intrusion defense products deployed in your organization:
		Network firewalls:
		71.57%	Very satisfied
		23.20%	Somewhat satisfied
		2.61%	Not satisfied
		2.61%	Haven't deployed it

		Antivirus/desktop:
		64.38%	Very satisfied
		31.05%	Somewhat satisfied
		3.27%	Not satisfied
		1.31%	Haven't deployed it

		Antivirus/server:
		60.13%	Very satisfied
		30.72%	Somewhat satisfied
		3.92%	Not satisfied
		5.23%	Haven't deployed it

		Antivirus/gateway:
		51.96%	Very satisfied
		29.08%	Somewhat satisfied
		3.92%	Not satisfied
		15.03%	Haven't deployed it

		Host/application firewalls:
		33.99%	Very satisfied
		34.97%	Somewhat satisfied
		3.92%	Not satisfied
		27.12%	Haven't deployed it

		Antispyware/desktop:
		26.80%	Very satisfied
		38.89%	Somewhat satisfied
		14.38%	Not satisfied
		19.93%	Haven't deployed it

		Network-based IDS:
		26.80%	Very satisfied
		40.85%	Somewhat satisfied
		8.82%	Not satisfied
		23.53%	Haven't deployed it

		Routers/switches with content/application filtering built in:
		27.78%	Very satisfied
		32.03%	Somewhat satisfied
		4.25%	Not satisfied
		35.95%	Haven't deployed it

		Antispyware/gateway:
		22.55%	Very satisfied
		27.45%	Somewhat satisfied
		11.44%	Not satisfied
		38.56%	Haven't deployed it

		Antispyware/server:
		22.22%	Very satisfied
		29.08%	Somewhat satisfied
		11.44%	Not satisfied
		37.25%	Haven't deployed it

		Network-based IPS:
		22.22%	Very satisfied
		30.72%	Somewhat satisfied
		6.54%	Not satisfied
		40.52%	Haven't deployed it

		Network anomaly detection systems:
		19.61%	Very satisfied
		26.80%	Somewhat satisfied
		5.56%	Not satisfied
		48.04%	Haven't deployed it

		Host-based IDS:
		17.97%	Very satisfied
		33.33%	Somewhat satisfied
		9.15%	Not satisfied
		39.54%	Haven't deployed it

		Host-based IPS:
		16.99%	Very satisfied
		26.80%	Somewhat satisfied
		6.86%	Not satisfied
		49.35%	Haven't deployed it

		Security event/info management (SEIM/SIM):
		12.42%	Very satisfied
		31.37%	Somewhat satisfied
		11.44%	Not satisfied
		44.77%	Haven't deployed it

		Unified threat management appliance:
		11.11%	Very satisfied
		27.78%	Somewhat satisfied
		8.50%	Not satisfied
		52.61%	Haven't deployed it

		3. Will you be spending more, the same or less money on the following intrusion defense products this year?
		Network-based IPS
		26.14%	Spending more
		30.07%	Spending the same
		3.59%	Spending less
		14.71%	Are not spending

		Security event/info management (SEIM/SIM):
		23.86%	Spending more
		24.84%	Spending the same
		4.58%	Spending less
		19.28%	Are not spending

		Network-based IDS:
		22.95%	Spending more
		39.34%	Spending the same
		6.56%	Spending less
		11.80%	Are not spending

		Network firewalls:
		20.59%	Spending more
		49.35%	Spending the same
		7.84%	Spending less
		7.84%	Are not spending

		Routers/switches with built-in content/application filtering:
		20.26%	Spending more
		34.97%	Spending the same
		4.58%	Spending less
		17.32%	Are not spending

		Host-based IPS:
		18.03%	Spending more
		26.89%	Spending the same
		4.26%	Spending less
		24.26%	Are not spending

		Antispyware/desktop:
		17.65%	Spending more
		44.77%	Spending the same
		6.54%	Spending less
		12.75%	Are not spending

		Unified threat management appliance:
		16.99%	Spending more
		23.20%	Spending the same
		2.94%	Spending less
		24.18%	Are not spending

		Network anomaly detection systems
		16.07%	Spending more
		30.49%	Spending the same
		3.61%	Spending less
		17.38%	Are not spending

		Antispyware/gateway:
		16.01%	Spending more
		38.56%	Spending the same
		4.25%	Spending less
		16.67%	Are not spending

		Antispyware/server:
		15.69%	Spending more
		38.89%	Spending the same
		4.25%	Spending less
		16.67%	Are not spending

		Host-based IDS:
		15.69%	Spending more
		30.07%	Spending the same
		6.21%	Spending less
		22.88%	Are not spending

		Host/application firewalls:
		13.73%	Spending more
		38.24%	Spending the same
		5.88%	Spending less
		19.61%	Are not spending

		Antivirus/server:
		10.78%	Spending more
		63.07%	Spending the same
		5.23%	Spending less
		10.13%	Are not spending

		Antivirus/desktop:
		10.78%	Spending more
		66.34%	Spending the same
		3.92%	Spending less
		9.15%	Are not spending

		Antivirus/gateway:
		9.48%	Spending more
		55.23%	Spending the same
		4.90%	Spending less
		16.34%	Are not spending

		4. Choose true or false for the following statements*:
		In 2006 I'm trying to make intrusion detection/prevention a more strategic part of security management.
		75.82%	True
		9.48%	False

		Freeware IDSes (e.g., Snort) are just as effective as commercial IDSes.
		35.62%	True
		28.10%	False

		Freeware IDSes (e.g., Snort) have the same level of features and functions as commercial IDSes.
		24.51%	True
		41.50%	False

		My company will buy a new IDS/IPS in 2006.
		19.93%	True
		34.97%	False

		My company will upgrade (from the same vendor) an existing IDS/IPS in 2006.
		24.18%	True
		38.56%	False

		My company will renew an existing IDS/IPS license at an existing level in 2006.
		35.29%	True
		30.39%	False

		My company will replace my existing IDS/IPS with a new system from a different vendor in 2006.
		10.46%	True
		50.33%	False

		My company will not renew an existing license, and we have no plans to replace it.
		11.76%	True
		58.50%	False

		My company has not purchased IDS/IPS in the past and won't do so in 2006.
		11.44%	True
		65.03%	False

		Intrusion detection/prevention is best done at the network level.
		51.31%	True
		24.84%	False

		IDSes/IPSes will be obsolete in five years as the function becomes embedded in the network/applications.
		24.26%	True
		37.70%	False

		I consider Security Information/Event Management (SIM/SEIM) an important part of my company's total approach to intrusion defense.
		72.55%	True
		8.50%	False

		I consider vulnerability management an important part of my company's total approach to intrusion defense.
		85.62%	True
		3.59%	False
		* - In cases where respondents declined to answer, totals do not equal 100%.

		5. Which of the following reasons would prompt you to drop your current IDS/IPS vendor and buy from a different one? (Select up to three.)*
		45.40%	A different vendor's product is better at detecting/preventing attacks.
		35.60%	A different vendor's product is easier to install/administer/manage.
		33.00%	A different vendor's product offers a wider array of security functions and features.
		32.70%	A different vendor's product integrates into our infrastructure better than the current one.
		25.20%	A different vendor's system is cheaper and offers the same level of security.
		* - Top five most-popular results listed

		6. Which of the following vendors' intrusion detection/prevention products do you use? (Check all that apply.)*
		42.50%	Cisco
		34.00%	Symantec
		30.10%	Snort/other freeware
		25.50%	McAfee
		25.50%	Microsoft
		19.90%	CheckPoint/Sourcefire
		* - Top five most-popular results listed

		7. Who is your primary intrusion detection/prevention (IDS/IPS) vendor?
		20.30%	Cisco
		14.70%	Symantec
		12.10%	Snort/other freeware
		10.50%	None
		7.80%	Other

		8. What was the main reason you chose the vendor selected above?
		20.90%	Fit into infrastructure
		19.00%	Superior security functionality
		16.30%	Product was already installed
		14.10%	Cost
		12.70%	Other

		9. Rate the following non-technical obstacles based on the impact they have on your company's ability to defend against intruders:
		Budget constraints:
		28.34%	It's a significant problem
		42.35%	It's a problem
		21.50%	It's not a problem

		Lack of upper management support:
		19.22%	It's a significant problem
		30.94%	It's a problem
		37.13%	It's not a problem

		Employee training:
		18.24%	It's a significant problem
		37.46%	It's a problem
		33.88%	It's not a problem

		Incomplete product sets/technology:
		12.70%	It's a significant problem
		43.97%	It's a problem
		25.73%	It's not a problem

		Lack of vendor support:
		12.05%	It's a significant problem
		29.32%	It's a problem
		41.37%	It's not a problem

		Vendor confusion/ambiguity:
		9.77%	It's a significant problem
		29.32%	It's a problem
		41.37%	It's not a problem

		10. Rate the following technical obstacles based on the impact they have on your company's ability to defend against intruders:
		Managing logs:
		21.50%	It's a significant problem
		38.11%	It's a problem
		28.66%	It's not a problem

		Separating legitimate traffic from malicious traffic without false positives/negatives:
		17.26%	It's a significant problem
		52.77%	It's a problem
		17.26%	It's not a problem

		Tuning intrusion detection/prevention systems for your environment:
		16.94%	It's a significant problem
		39.41%	It's a problem
		28.34%	It's not a problem

		Turning on application-layer scanning without hurting traffic throughput:
		16.94%	It's a significant problem
		39.09%	It's a problem
		21.82%	It's not a problem

		Integrating multiple vendors' intrusion defense products:
		14.33%	It's a significant problem
		36.81%	It's a problem
		30.62%	It's not a problem

		Creating useful reports for management/business intelligence:
		13.68%	It's a significant problem
		42.35%	It's a problem
		28.34%	It's not a problem

		Defining spyware/adware:
		11.76%	It's a significant problem
		44.77%	It's a problem
		31.05%	It's not a problem

		Prioritizing threat response:
		10.46%	It's a significant problem
		44.77%	It's a problem
		30.72%	It's not a problem

		Using system outputs to see the big picture of total network security posture:
		10.42%	It's a significant problem
		40.07%	It's a problem
		28.66%	It's not a problem

		Setting a baseline for "normal" network behavior:
		9.12%	It's a significant problem
		47.56%	It's a problem
		28.34%	It's not a problem

		The reactive nature of signature-based AV, antispyware and IDS:
		7.49%	It's a significant problem
		45.28%	It's a problem
		34.85%	It's not a problem

		Pushing signature updates to the desktop:
		2.28%	It's a significant problem
		21.50%	It's a problem
		65.47%	It's not a problem

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Tips

Ask a Question

Research Library

Product Demos

Resource Centers

Conferences

Seminars

Intruder Alert: Looking at the numbers

More News and Tutorials

Articles

Related glossary terms

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

Latest News

More from Related TechTarget Sites