IDS 'will struggle as standalone industry'
Report doubts viability of technology, favouring prevention instead
The intrusion detection system (IDS) market is going to struggle as a standalone industry in the future, according to Gartner's latest Magic Quadrant report.
Richard Stiennon, the author of the report, claimed the IDS market was marked by turmoil in 2003 and is "struggling to justify inordinate investments in complicated, expensive technology that does little to protect the enterprise".
According to the report, the top performers in the market were Network Associates, Cisco, Symantec and Internet Security Systems.
Enterasys was categorised as a 'Challenger' and 'Visionaries' included Lancope, Arbor Networks and Mazu Networks. Niche players were listed as Tripwire, NFR Security, Sourcefire and Snort.
The report also stated that due to acquisitions and innovation in 2003, the vendor landscape has changed. Major acquisitions included Symantec buying Recourse Technologies, Cisco acquiring Okena, and Network Associates acquiring Entercept and intruVert.
Stiennon claimed that IDS has reached the "peak of its usefulness as a standalone technology". He warned that vendors should move towards an intrusion-prevention model.
"IDS vendors that have not introduced blocking capabilities by the end of 2004 will not be viable providers beyond the end of 2005," the report claimed.
But Kevin Chapman, channel director at Symantec, said the market was not so black and white.
"Many of today's attacks happen inside the firewall as a result of employees being given authority to use the network. Quite often, IDS is the only technology that can alert security administrators to what is happening and is the best at detecting emerging and unknown threats," he said.
"There are products on the market that don't do such a good job, and there have been problems with false positives and false negatives, but the technology has matured. IDS is vital to an integrated security approach."