But IDSs are getting better at managing large volumes of alerts.

Last year, our IDS review concluded that false alarms would drown any network manager who tried to use these devices. The level of alerts managed to drown the devices: several couldn't handle the load of our modest test network.

This year, we took a different slant in our testing, looking at how security analysts would use these devices in specific scenarios, but false alarms remain a major problem. As the virus and worm incidents during our test caused massive "bad" traffic across the Internet, we ran into serious problems with the volume of alerts. Even though we monitored significantly fewer systems sitting behind these IDSs than last year and significantly less traffic, 100,000 copies of the same alert each day made the systems sluggish and ill-behaved. In the case of Barbedwire Technologies, the systems became unusable. Cisco and Internet Security Systems (ISS) also filled up their disks, showing the importance of proactive management of alert information.

But while the volume of false alarms remains high, the products have gotten better in their ability to manage that information. Products from Cisco, ISS and NFR Security all showed significant improvement in how they present alert information to the operator. With flexible grouping and display options, and automated upgrade and downgrade of alert information, we could make our way through the thousands of alerts we got each day. Although tuning remains a major task – which each of the products could simplify – the event management tools gave us a better handle on things. We also observed that while the attack signatures seem to be not much smarter than the last time we tested, IDS products are getting better at managing the output of these signatures.
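The grouping and automatic upgrade/downgrade described above, as an added example in Python that is not code from the original review or from any of the products named: it collapses repeated copies of the same alert into one row with a count and first/last-seen times, downgrades floods (assumed threshold: 20 copies of the same signature/source/destination) and upgrades anything aimed at a host on an assumed critical-asset list. The alert line format, the sample lines and the severity ladder are constructed for the example.

```python
import re

SEVERITIES = ["low", "medium", "high", "critical"]  # assumed severity ladder

# Constructed sample alerts (not real product output): one worm-style flood of
# 40 identical alerts, plus a single low-severity probe against a critical host.
SAMPLE_ALERTS = (
    ["2003-09-12T10:01:%02d sig=WEB-IIS_cmd.exe src=10.0.0.5 dst=192.168.1.10 sev=high" % s
     for s in range(40)]
    + ["2003-09-12T10:05:00 sig=SSH_version_probe src=10.0.0.9 dst=192.168.1.20 sev=low"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sig=(?P<sig>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) sev=(?P<sev>\S+)$")

def parse_alert(line):
    """Parse one constructed alert line; return None for a malformed line."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def shift_severity(sev, steps):
    """Move one step up (+1) or down (-1) the ladder, clamped at both ends."""
    i = min(max(SEVERITIES.index(sev) + steps, 0), len(SEVERITIES) - 1)
    return SEVERITIES[i]

def aggregate(lines, critical_assets=frozenset(), flood_threshold=20):
    """Group identical alerts, then apply automatic downgrade/upgrade rules.

    Returns rows sorted by severity (highest first), then by count.
    """
    groups = {}
    for line in lines:                     # lines assumed to arrive in time order
        a = parse_alert(line)
        if a is None:
            continue                       # skip junk instead of crashing the console
        key = (a["sig"], a["src"], a["dst"])
        g = groups.setdefault(key, {"sig": a["sig"], "src": a["src"], "dst": a["dst"],
                                    "sev": a["sev"], "count": 0, "first": a["ts"],
                                    "last": a["ts"], "tags": []})
        g["count"] += 1
        g["last"] = a["ts"]
    for g in groups.values():
        if g["count"] >= flood_threshold:  # repeated worm noise: step down, keep the count
            g["sev"] = shift_severity(g["sev"], -1)
            g["tags"].append("flood")
        if g["dst"] in critical_assets:    # anything aimed at a crown jewel: step up
            g["sev"] = shift_severity(g["sev"], +1)
            g["tags"].append("critical-asset")
    return sorted(groups.values(),
                  key=lambda g: (-SEVERITIES.index(g["sev"]), -g["count"]))
```

Note that the flood rule only lowers the priority of the group; the count and time span survive, so 40 copies still show up as one line the analyst can act on rather than 40 that fill a disk.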
We got better information on the estimated severity and likelihood of an attack.

Still, there is a huge element of trust: you don't get to actually see the offending packet (except in the case of Barbedwire). Over the months of testing, these products didn't earn that trust very well. For each attack we detected, we were unable to say, for certain, how it happened. We could only come up with a candidate list of possibilities, each of which had to be researched individually.