Looking for suggestions/Comments on IDS/IPS Solutions
Stephen Q. asked 5 months ago in Banktastic
Have looked into and received quotes from SecureWorks and Perimeter.

Brad G.
Stephen, what specifically are you looking to have answered? Just these companies on a reputation level or something more specific technology wise? Let us know! Good question btw.
Stephen Q.
I am looking for a provider that provides end-to-end inside and outside managed IDS/IPS services for network and firewall. I am wanting suggestions/comments on vendors that provide the best service that is easily maintained by an IT administrator with good easy-to-read reporting tools. The vendor also needs to have fast response times on alerts/alarms when they arise.
Chris R.
Stephen, I have used SecureWorks in the past and they seem to be a good group of people. The technicians there were very knowledgeable and friendly. We dropped them because the appliance we switched to has integrated IDS/IPS. I am big on using Snort. One thing that I have done with Snort is to write some rules to alert against data leakage protection. For example, emails that may contain account numbers and/or social security numbers are picked up on by it. If you are interested I can share with you how I did that. The other thing you might want to ask about is extrusion detection. Signature-based malware detection is becoming increasingly less effective and it is forcing us to have to look at malware's command and control channels for detection.
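A sketch of the kind of email content check mentioned in the post above, as an added example that is not Chris R.'s rules or part of the original thread. It is written in Python rather than Snort rule syntax, uses constructed messages, and covers SSN-shaped values only, since account-number formats are institution-specific; all function names are hypothetical.

```python
import base64
import re
from email import message_from_string

# SSN-shaped token AAA-GG-SSSS, not embedded in a longer digit/dash run.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")

def plausible_ssn(area, group, serial):
    """Reject number ranges that are never issued, to cut false positives."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def scan_email(raw):
    """Return masked SSN hits from every text part of an email message."""
    hits = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue  # skips multipart containers and binary attachments
        # decode=True undoes base64 / quoted-printable transfer encoding;
        # a regex over the raw message text does not match the encoded form.
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for m in SSN_RE.finditer(text):
            if plausible_ssn(*m.groups()):
                hits.append("***-**-" + m.group(3))  # never log the full value
    return hits

# Constructed sample messages (addresses and numbers are made up).
HEADERS = "From: a@example.com\nTo: b@example.net\nSubject: form\n"
PLAIN = HEADERS + "\nSSN 123-45-6789, ref 000-12-3456, phone 555-12-34567\n"
B64 = (HEADERS + "Content-Type: text/plain; charset=utf-8\n"
       "Content-Transfer-Encoding: base64\n\n"
       + base64.b64encode(b"SSN 123-45-6789\n").decode() + "\n")

if __name__ == "__main__":
    print("plain body :", scan_email(PLAIN))
    print("base64 body:", scan_email(B64))
    print("raw regex on base64 message:", SSN_RE.findall(B64))
```
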
Eric K.
As far as the Managed Security Service providers go, I’ve been very impressed with the work SecureWorks puts into their response process. It’s very detailed, and establishes who to contact and when. Their reporting is good and as far as I can tell the iSensor is a solid piece of equipment.
JB D.
We use a mixture of providers. One thing to look at would be some of the Cisco M.A.R.S. project, some very slick stuff. We use Sentinel for our IPS, and inside of our Cisco ASA we use an IPS/IDS module that just monitors, and we use TriGeo for syslog and IDS monitoring. I’m a Cisco fanboy but their system is freaking sweet. http://www.cisco.com/en/US/products/ps6241/