Chapter 7. Network Intrusion Detection and Analysis

“IDS is dead.”

—Gartner, 2003

It may seem, based on the title of this chapter, that we’re somewhat behind the times. After all, Gartner famously pronounced intrusion detection dead many years ago,[1] asserting in 2003 that intrusion detection systems (IDSs) would be obsolete by 2005 and that everyone would be better off putting their money into preventative technologies (i.e., firewalls). Subsequently, most vendors followed suit, rebranding all of their detection solutions as “intrusion prevention systems (IPSs).” This wasn’t all that difficult to do, as many already included automated remediative actions as configurable options. It wasn’t a magical new technology so much as a marketing strategy ...
