An article about 2 companies arguing who's better. I must have missed the part where they actually debate, or brawl, about the future of IDS. Seems the biggest technical thought put forth was, "your performance sucks". Maybe that means IDS is headed to a future where performance will suck less. Yay.
Competition is a good thing. Snort has been the only IDS in the market (I'm aware of Bro) and now there is competition in Suricata. The problem I see is that Suricata folks are confusing "improvement" and "innovation." IDS, IMHO, still need innovations.
Say what? What about Cisco's IDS engine, which isn't Snort, and was originally WheelGroup? What about Intrusion's? What about Fortinet's? What about Enterasys' (Dragon)?
Two things happened to "intrusion detection":
* The concept failed, and
* The technology got rolled up into middleboxes as part of "IPS" (IDS plus filters) and "UTM" (all-in-one boxes).
There has been a vibrant "market" of IDS engines for over a decade.
IPS/IDS is a well over a billion dollar a year industry. The products mentioned in the article don't even make up a measurable fraction of that. Market leaders are products like Cisco, McAfee, ISS, TippingPoint, etc.
Should have qualified my sentence with "open source" and "free." OTOH, I don't think IDS is a flawed concept; it's just used the wrong way in most enterprises.