Gigabit-speed intrusion-detection systems miss attacks on faster nets
There's a persistent problem with today's new breed of gigabit-speed intrusion-detection systems: They simply cannot plow through IP traffic fast enough to provide blanket protection on networks running at gigabit speed, according to industry experts and at least three vendors who make such products.
When an IDS reaches its maximum processing capacity it begins to drop large numbers of packets, thereby increasing the possibility of missing attacks. The newer gigabit-speed IDS products, delivered as an appliance or software customers load onto their own boxes, fall down on the job, according to lab tests conducted by Miercom, a network consultancy and a Network World Global Test Alliance member. Although IDS equipment can achieve near-gigabit throughput, in lab tests they missed half the attacks thrown at them.