The development prospect of IDs products

The debate over whether IDs (intrusion detection systems) or IPS (Intrusion prevention systems) has been more robust since the famous market research firm Gartner published its report in June 2003 entitled "The Death of an intrusion detection system" has never stopped. However, the debate has never solved the actual problem, whether it is the media coverage, or the renovation of manufacturers hype, or scholars of the repeated argument, can not control the actual trend of a product in the market, the market is the only standard to test the vitality of products. Should see, after 2004, 20,052 years of development, IPs products in the camp is expanding, the introduction of products are more and more rich, but there are still many manufacturers in the field of IDs concentrate on operating, user groups are also expanding, and launched a number of exciting new products, For example, the Beijing Banyan Net Ann recently launched a powerful Rj-ids series of intrusion detection products, can be seen as the domestic IDs products are still the Dongfeng blowing evidence. is the new product of the Banyan tree to the current or upstream? What is the future of the domestic IDs product, perhaps we need to have a comprehensive understanding of the product characteristics of IDs and their trends over the past two years, so that they do not get taken for granted by the numerous, but not necessarily credible, words that fill us.

Not friends, not opponents.

We must first understand that IDs and IPs for two different types of products, to meet the user's network security of different type of demand, there is no direct market competition, from a technical point of view, its development direction is not the same. In this connection, even if we are far from the level of the Masters of Computer Science, we can be proved by careful search of the published literature, albeit with a little effort. Simply put, especially in the high-speed network environment and large network environment, the overall security form of the network and interception of a specific attack is equally important, so that IDs and IPs can be along the two-way line on the development of independent, without the same as from different factions of the people fighting. From the product competition relationship, it is possible to collide with IPs is UTM (Unified threat management platform), because they are the same type of security products, and UTM contains more than IPs security features, IPS is only a subset of UTM, theoretically, UTM can devour IPs. and IDs and IPs have basically the same core technology, namely detection engine and Intrusion feature library, the introduction of IPs products on the basis of IDs products is not a difficult thing, and vice versa, they can evolve into a symbiotic relationship.

A very optimistic product.

Of course, even without the threat from IPs, IDs still need to get the market recognition, otherwise it will be like a meteor in the dazzling arc after the trail. Objectively speaking, at the beginning of the IDs market, arguments and speculations about the future of IDs make the product's outlook seem less rosy, at least for some pessimists and critics who dislike IDs, but over the years digital statistics have brought some excitement to people who love IDs. Statistics show that 2003 China IDs market sales are 275 million yuan, 2004 rose to 380 million yuan, accounting for China's network security market share of 10.9% of the year, 2005 IDs accounted for the security market total of 11.2% of the year, the market sales reached 5. 500 million yuan. With the development of IDs products and the maturity of users, IDS product market capacity is steadily climbing. These figures are sufficient to illustrate the great prospect of the IDs market and are the most promising network security products following the firewall product.

IDs in Evolution

In IDs up to now not long life cycle, it is also under the painstaking work of technical experts to constantly self-improvement, from simply intercepting a malicious attack from hackers, and gradually towards security incident management (Sem:security eventmanagement) and security Information management (SIM: Security Infomationmanagement the road, and will eventually be remitted into the network safety management system of the sea, which should be a historical necessity. In view of this, the Banyan Rj-ids products will be the Intrusion event information, vulnerability scanning system vulnerabilities, firewall event information, User Service system of the availability of events and so on, through the overall analysis, and through a variety of views to show the user will conform to the trend of the development of IDs, the exact saying, is standing in the forefront of product development trends, which has been in the network security technology of the Banyan network Ann is not really a difficult thing. Once the IDs of network security management as the ultimate goal of self-improvement, it is equivalent to the direction of development in the network security technology, if successful, will become an indispensable part of the future network security technology, IDS will be with the network.

The question remains, but hope is greater.

Of course, for critics who have been trying to prove the future of IDs bleak for a variety of reasons, there are still some reasons why they can still hold up the banner of criticism in the ascendant of IDs, and organize effective positions to counterattack, which is the problem of false reports and false positives that have plagued almost all IDs. It must be admitted that hackers are mostly clever computer technology experts (although it also includes some bold more than ingenuity), they always hide in the dark place to launch missiles to the network, and the interception of missiles is indeed more difficult than the bombardment of fixed targets many. But security technologists are also adept at attacking and attacking, and at present many network security companies have recruited expertise that is comparable to hackers, and accurate interception of black missiles is perfectly achievable.

The Banyan net Ann Company mentioned above has concentrated on many excellent safety technologists in the industry, on the basis of the research on network security technology and hacker technology for many years, the Banyan Net Ann has summed up a set of effective detection means, false positive rate, false report rate are far lower than similar products at home and abroad, and has been approved by the authoritative agencies.

IDS technology is better than the top floor

In the network security attack and defense contest, although the user can not restrain the hackers, but to improve the speed of the anti-hacker technology can be done. In the newly launched Banyan Rj-ids, we see a number of new technologies that will make hackers headache. Banyan Rj-ids Series products have all the features of the mainstream IDs product. All Banyan Rj-ids Model products can achieve dual network interface or multiple network interface detection, multi-network interface detector can simultaneously monitor multiple switches, multiple VLAN data, reduce the user's investment. Its gigabit models using high-speed chip board, so that a single device to achieve the highest detection capacity of "wire speed", is the real "gigabit" intrusion detection products. Through its multi-level management function can meet the application of large-scale projects, can easily deploy in the Gigabit network environment, at the same time, analysis of the downlink network data, to achieve the central node detector at all levels of user unified management, the right to assign unified management, unified management of policy distribution and other centralized management functions, Help enterprises to maximize the protection of the network security within the enterprise.

The technology is no doubt another leap forward in the anti-hacking technology, the Banyan has progressed, IDS has progressed, and hackers need to do more. If the domestic manufacturers of IDs continue to have such technological progress, IDS can be in the future of network security technology to become a backbone is no longer a need to explore the problem.