Answer by Clayton Hoskinson:
Since your PIX box is actually a firewall, and not an Intrusion Detection System appliance, they do not do the same job. Admittedly, if you are constantly watching your logs on the PIX device, you might be able to use them as an IDS of sorts. But since not many administrators have the time to constantly monitor the firewall logs, the use of a firewall as your IDS appliance is not really a good idea.
Answer by Mary Beth Guard:
Insofar as regulatory requirements are concerned, the Information Security Guidelines do not mandate the use of an Intrusion Detection System, but it is one of the eight categories of security measures each institution is required to evaluate and, if appropriate, adopt. There is no specificity in the guidelines regarding the type of IDS that should be used. The determination of what is necessary and appropriate must be made by an individual institution's management and board based upon its analysis of the risks. One size does not fit all, and there is no universal standard for what is right in this area.
First published on BankersOnline.com 1/6/03