Earlier this month, the Gartner Market Guide for Intrusion Detection and Prevention Systems (IDPS), written by Gartner researchers Craig Lawson and John Watts (ID: G00385800), was published. The guide describes the market definition, the direction of the requirements buyers should look for in an IDPS solution, and the top use cases that drive IDPS today.
Notable in this report are relatively new scenarios that speak to the requirements that should be considered when evaluating future IDPS solutions, and network security in general.
The following sections summarize notable insights from the report.
According to Gartner, “For detection mode, clients have justifiable concerns over how this technology is just another ‘event cannon’ generating alerts that, even if events of interest are there, are drowned out by what can be the sheer number of alerts.”
Many organizations look for solutions that excel at rolling up numerous alerts into a single incident or campaign that describes a chain of related activities. This is far more useful than sifting through isolated alerts that an analyst has to piece together by hand. Security teams often find this correlation to be as valuable a use of artificial intelligence and machine learning as the detections themselves.
Per the report, “The natural evolution to support these workflows is to expand the visibility of the stand-alone IDPS further into the environment where evidence of these breaches can be found. That means deploying additional IDPS sensors inside the network (and usually inside the data center).”
Many organizations look for solutions that apply advanced analytics and behavioral models to network IDS use cases and to inspecting east-west traffic. These solutions can detect threats that have bypassed traditional controls by surfacing indicators of attacker behaviors inside the network, such as command and control, reconnaissance, lateral movement, and data exfiltration.
Further, Gartner says, “IDPS vendors are deploying more effectively into public cloud (IaaS) environments than enterprise network firewall solutions as incumbent cloud providers are providing adequate coverage in this space, supplanting traditional firewalls. IDPS vendors are now able to deploy more effectively in these more agile compute architectures, either natively or with integration with packet brokers like Gigamon and Zentara.”
As enterprises move their high-value data and services to the cloud, it is imperative to reduce the cyber-risks that can take down a business. Visibility gaps can exist in the connections between compute and storage instances.
Cyberattackers are aware of this visibility gap. A recent survey by the SANS Institute found that one in five businesses experienced serious unauthorized access to their cloud environments in the past year alone, and many more were unknowingly breached. This will only become more pronounced as nearly four out of 10 organizations plan to move to a cloud-first approach for deploying new applications, according to a recent study by the Enterprise Strategy Group (ESG).
As a result, many security teams are looking for deployments that can give them visibility into the extended footprint of their network as it expands into the cloud.
To learn more, reach out to Vectra for a consultative discussion about your IDPS requirements, or read a complimentary copy of the report for more details on the requirements you should consider in your IDPS deployment.