The San Diego regional Security Conference, formerly known as the C4ISR, CyberSecurity, Robot Platforms & Sensors Conference, took place on September 14, 2010. David J. Dodd, president and founder of pbnetworks Inc., was asked to sit on a panel discussing "Intrusion Detection & Prevention". The moderator was Jeff Debrosse, Research Director, North America at ESET; the other two panelists were Anirban Banerjee, CEO of StopTheHacker, and Miles Hale, AVP, Secure Business Solutions at SAIC.
Jeff Debrosse started off with some background on IDS/IPS and followed up by asking the panel questions about trends in IDS/IPS. The first question: what are some issues that affect Intrusion Detection in the context of large-scale systems?
Large-scale infrastructure faces a constant evolution of attack patterns, so the systems protecting it need to be not only scalable and easy to use but also able to evolve and adapt to new attacks. Multiple Intrusion Detection techniques and architectures need to be integrated: anomaly detection, signature-based detection, handling of evasion, and host-based and network-based sensors. It is also important to have standards for the characterization, storage and exchange of data about attacks, intrusions, vulnerabilities and evidence.
How can the efficacy of existing Intrusion Detection systems be improved? Are they looking for the right things? Can they really be useful in detecting real problems without overloading the operator with useless data, especially in large networks?
Some important requirements for an Intrusion Detection system are the ability to react in a timely way, to provide evidence, and to identify suspicious activity before a more serious attack occurs. The user also needs to be able to add or modify signatures in order to customize the IDS to their own needs. Real-world experience is difficult to obtain, and this remains one of the major problems to be solved.
What are some of the issues with
integrating Intrusion Detection systems as part of network
management?
The organization first needs to establish its own risk model; only then is it possible to customize and integrate Intrusion Detection inside the network. It is also very important to have efficient and effective visualization mechanisms for network activity and possible intrusions.
What are your concerns with the
interoperability within an enterprise of various applications from
different vendors?
Interoperability can be handled by using different products to detect and protect different things, but those products need to be able to communicate or exchange data with one another to provide a really useful solution.