Hi There, As I often have greater respect for a much larger portion of this list than the rest of the internet, I am curious what is thought about current IDS/IPS hardware from vendors like Trustwave, Checkpoint, Alert Logic, mod_security, even snort.. etc, and in particular, the sensibility and effectiveness of using them in high-security environments.
>From a compliance perspective, I don't have much choice. From the costs, infrastructure, and administrative perspectives, I am currently evaluating whether or not I should be leaning towards and IDS or IPS solution, and of course which system/vendor. My understanding is that something like snort requires a fair bit of maintenance and IT-attention, the trade-off being cost, so I am leaning away from this. Between detection and prevention, preventing break-ins seems a bit sillier than trying to actively monitor what's going on and to then look for threats, so this pushes me more towards IDS over IPS. Thoughts, suggestions, flames, are all welcome. Thanks. ~Jason