Problem solve Get help with specific problems with your technologies, process and projects.

Buy vs. build: Choosing an enterprise intrusion detection system

When it comes to intrusion detection systems, should you buy or build? In this SearchSecurity.com Q&A, network security expert Mike Chapple explains when an enterprise should use a commercially supported product.

Under what circumstances would you recommend building your own intrusion detection system (IDS)?
Generally, I'm a fan of the "buy vs. build" philosophy, and I recommend the use of commercially supported products in enterprise environments. In most cases, it's simply more cost-effective to use a product that has manufacturer support available. Many administrators find the notion of calling for support a blow to their egos, but that's a misguided philosophy; technical support should be viewed as a direct pipeline to expert knowledge, rather than a last-ditch 911 call.

Some organizations, like schools and other non-profits, may have volunteers available to spend time maintaining...

a system, or simply don't have the funds to purchase and maintain a commercial IDS. In such cases, building an intrusion detection system may be a viable option.

If you do choose the "build it" route, go with a mainstream tool. Enterprises around the world, for example, deploy the open-source Snort IDS. The intrusion detection system's rule updates are available for free, but with a 30-day delay. If you're willing to spend a few hundred bucks a year, however, you can purchase a real-time rules subscription. There's also a huge community that provides a free support resource through forums on the Snort Web site.

More information:

  • Check out SearchSecurity.com's Snort Intrusion Detection and Prevention Guide.
  • Learn how to use wireless IDS/IPS.
  • This was last published in July 2007

    Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.