There are a variety of factors here. I assume you mean a network-based IDS, rather than host-based, and that you want to do packet inspection.
Snort, suricata, and bro are popular open source options. I recommend subscribing to some kind of threat feed to get new IDS rules from a vendor or community. I'm not sure what's available for suricata or bro but for Snort you could get the emergingthreats feed or pay for the VRT from Sourcefire/Cisco (the corporate ummm sponsor of Snort). If you want high performance, say 10Gb, then your needs are sorta special. I've liked the scenario of deploying both snort with a threat feed and bro as complementary. I haven't played with suricata. Is this the kind of thing you have in mind? If you have a big budget there are also commercial options we could discuss. Matt On Fri, Feb 28, 2014 at 11:25 AM, Ali Sajid Imami <ali.sajid.im...@gmail.com > wrote: > At work, we have been tasked with setting us up for various security > certifications. one step is putting a good IDS in place. I was wondering if > people here had any good recommendations? > > _______________________________________________ > Tech mailing list > Tech@lists.lopsa.org > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ > >
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
