Leading Intrusion Detection Systems (IDS) Products
Some leading Intrusion Detection Systems (IDS) Products are
• Snort
Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS.
CounterACT Edge security appliance delivers an entirely unique approach to preventing network intrusions: Stop attackers based on their "proven intent" to attack without using signatures, anomaly detection or pattern matching of any kind.
Attackers follow a consistent pattern. To launch an attack, they need knowledge about a network's resources. Potential intruders, whether humans or self-propagating threats, compile vulnerability and configuration information through scanning and probing prior to an attack. The information received is then used to launch attacks based on the unique structure and characteristics of the targeted network.
AirMagnet Enterprise provides a simple, scalable WLAN monitoring solution that enables any organization to proactively mitigate all types of wireless threats, enforce enterprise policies, prevent performance problems and audit the regulatory compliance of all their WiFi assets and users worldwide.
• Bro Intrusion Detection System
Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity. Bro detects intrusions by first parsing network traffic to extract its application-level semantics and then executing event-oriented analyzers that compare the activity with patterns deemed troublesome. Its analysis includes detection of specific attacks (including those defined by signatures, but also those defined in terms of events) and unusual activities (e.g., certain hosts connecting to certain services, or patterns of failed connection attempts).
• Cisco Intrusion Prevention System (IPS)
Cisco IPS is one of the most widely deployed intrusion prevention systems, providing:
Protection against more than 30,000 known threats, Timely signature updates and Cisco Global Correlation to dynamically recognize, evaluate, and stop emerging Internet threats
Cisco IPS includes industry-leading research and the expertise of Cisco Security Intelligence Operations.
Cisco IPS protects against increasingly sophisticated attacks, including Directed attacks, Worms, Botnets, Malware, Application abuse.
Cisco IPS also helps your organization comply with government regulations and consumer privacy laws. It provides intrusion prevention that Stops outbreaks at the network level, before they reach the desktop, Prevents losses from disruptions, theft, or defacement, Collaborates with other network components, for end-to-end, networkwide intrusion prevention, Supports a wide range of deployment options, with near-real-time updates for the most recent threat, Decreases legal liability, protects brand reputation, and safeguards intellectual property.
• Juniper Networks Intrusion Detection & Prevention (IDP)
Juniper Networks IDP Series Intrusion Detection and Prevention Appliances with Multi-Method Detection (MMD), offers comprehensive coverage by leveraging multiple detection mechanisms. For example, by utilizing signatures, as well as other detection methods including protocol anomaly traffic anomaly detection, the Juniper Networks IDP Series appliances can thwart known attacks as well as possible future variations of the attack. Backed by Juniper Networks Security Lab, signatures for detection of new attacks are generated on a daily basis. Working very closely with many software vendors to assess new vulnerabilities, it’s not uncommon for IDP Series to be equipped to thwart attacks which have not yet occurred. Such day-zero coverage ensures that you’re not merely reacting to new attacks, but proactively securing your network from future attacks.
• McAfee Host Intrusion Prevention for server
Defend your servers from known and new zero-day attacks with McAfee Host Intrusion Prevention. Boost security, lower costs by reducing the frequency and urgency of patching, and simplify compliance.
• Sourcefire Intrusion Prevention System (IPS)
Built on the foundation of the award-winning Snort® rules-based detection engine, Sourcefire IPS™ (Intrusion Prevention System) uses a powerful combination of vulnerability- and anomaly-based inspection methods—at throughputs up to 10 Gbps—to analyze network traffic and prevent critical threats from damaging your network. Whether deployed at the perimeter, in the DMZ, in the core, or at critical network segments, and whether placed in inline or passive mode, Sourcefire’s easy-to-use IPS appliances provide comprehensive threat protection.
The award-winning Strata Guard® high-speed intrusion detection/prevention system (IDS/IPS) gives you real-time, zero-day protection from network attacks and malicious traffic, preventing Malware, spyware, port scans, viruses, and DoS and DDoS from compromising hosts, Device and network outages, Data leakage, High-risk protocols, such as BitTorrent™, Kazaa™, and TelNet, from running on your network, Unauthorized access to sensitive data.
