Chapter 7. Network Intrusion Detection and Analysis

“IDS is dead.”

—Gartner, 2003

It may seem, based on the title of this chapter, that we’re somewhat behind the times. After all, Gartner famously pronounced intrusion detection dead many years ago,[1] asserting in 2003 that intrusion detection systems (IDSs) would be obsolete by 2005 and that everyone would be better off putting their money into preventative technologies (e.g., firewalls). Subsequently, most vendors followed suit, rebranding all of their detection solutions as “intrusion prevention systems (IPSs).” This wasn’t all that difficult to do, as many already included automated remediative actions as configurable options. It wasn’t a magical new technology so much as a marketing strategy ...
