Intrusion Detection: The Guard Inside the Gate - Page 3
Software vs. Appliances
Another consideration when shopping for an IDS product is whether to choose a software solution or an appliance. Software is the most prevalent type of IDS product in the market today; however, a number of vendors are beginning to offer IDS appliances. Simply stated, software tends to be more complex but more configurable. An appliance is designed more as a plug-and-play solution.
Choosing one or the other depends on a company's needs. Appliances tend to be more powerful because they have greater processing capability, can watch more traffic and report faster, says Wright. However, he adds that appliances always need to be upgraded.
Shoppers in the market for IDS can also consider purchasing IDS as a service. In the same way that ISPs outsource firewall security, many outsource IDS, as well. Pilot Network Services is an example of an outsourcing provider offering firewall, IDS, and host-protection services.
Companies of all sizes turn to managed services providers for IDS and other security services. "We provide a basic service to companies and can plug in other security options, as well," says Jim Ransome, vice president of security operations and services. The company reportedly watches over 75,000 networks and sees 70 million attempts to violate security on a monthly basis. About 5,000 of those incidents are actual attacks, a 240% increase from just two years ago, he says.
Tallying the Tab
As any vendor will tell you, the cost to implement IDS depends on the size and complexity of a network; larger, more complex networks demand more investment, and smaller, less complex networks cost less. The bottom line, however, is that IDS isn't cheap. Total cost of ownership figures include product costs, implementation and configuration costs, and ongoing monitoring costs. Like many security tools, IDS requires network administrators with knowledge about security.
According to Frost & Sullivan's Wright, the average selling price for an IDS main engine is about $8,000. Coverage for additional servers costs about $1,000 each and desktop monitors run about $100 each.
ISS' Wood says that, to get started, the company's sensors range from $750 to $15,000, with pricing adjusted for quantity. The company's RealSecure product is a distributed system that reports back to a central management console; the console is free. An organization with three servers can buy three OS sensors for about $2,000 versus one network sensor for $9,000.
Axent's NetProwler Enterprise, a network-based IDS solution, costs $10,995, which includes a single manager, console and agent. Axent's host-based IDS product, called Intruder Alert, is priced at $1,995 for the manager and $995 per agent (agents are installed on every machine).
Security outsourcing provider Pilot reports that companies pay $5,000 to $6,000 per month for a basic package of security services that includes IDS.