Ask the Expert

Buy vs. build: Choosing an enterprise intrusion detection system

Under what circumstances would you recommend building your own intrusion detection system (IDS)?

    Requires Free Membership to View

Generally, I'm a fan of the "buy vs. build" philosophy, and I recommend the use of commercially supported products in enterprise environments. In most cases, it's simply more cost-effective to use a product that has manufacturer support available. Many administrators find the notion of calling for support a blow to their egos, but that's a misguided philosophy; technical support should be viewed as a direct pipeline to expert knowledge, rather than a last-ditch 911 call.

Some organizations, like schools and other non-profits, may have volunteers available to spend time maintaining a system, or simply don't have the funds to purchase and maintain a commercial IDS. In such cases, building an intrusion detection system may be a viable option.

If you do choose the "build it" route, go with a mainstream tool. Enterprises around the world, for example, deploy the open-source Snort IDS. The intrusion detection system's rule updates are available for free, but with a 30-day delay. If you're willing to spend a few hundred bucks a year, however, you can purchase a real-time rules subscription. There's also a huge community that provides a free support resource through forums on the Snort Web site.

More information:

  • Check out's Snort Intrusion Detection and Prevention Guide.
  • Learn how to use wireless IDS/IPS.
  • This was first published in July 2007

    There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: