If false positives have undermined the usability of intrusion detection systems (IDS), that hasn’t stopped security service vendor Qualys from launching a sturdy defence of the technology at last week’s Black Hat security conference in Las Vegas.
The company was announcing ‘QuIDScor’, a service it claimed could ‘correlate’ events from the open source Snort IDS with Qualys’s own database of potential low-priority alerts and known issues.
The object of the system was to prioritise alerts, making it easier for technical staff to work out which ones required immediate attention. According to Qualys, the result was a reduction in false positives of up to 70 percent.
The system used an open source API to transfer data from the Qualys database via XML.
Few doubt intrusion detection is a technology under fire. "Enterprises requiring a secure network are wading through the daily flood of information that Intrusion Detection Systems produce, often without the time or resources to remedy," Yankee Group analyst Eric Ogren was quoted as saying in the Qualys press release.