What are the 'hottest' host-based IPSes available on the market?
Determining the "hottest" IPSes is really based on your company's needs and business requirements. Although a few IDS/IPS companies have huge advertising budgets, it doesn't mean they are the best. Our industry has to get by what we call the executive decision to use a product because of an advertisement or article.
Here are some IDS/IPS vendors:
- Tenable Network Security -- great for any level.
- Enterasys -- works well with Tenable.
- ISS -- big advertisers.
- Snort -- free, but need good technical staff (works with Tenable).
There are many others IDS vendors. I recommend getting your business requirements, budget and other needs together. (In other words, get a request for proposal RFP. You can use www.sans.org if you do not have a good one) Research some of the online papers at on SearchSecurity, view some webcasts, and other papers, and then make a decision on three vendors. Contact those three vendors and have them present to you why they are the best. They should be able to provide the following:
- 24 X 7 support
- Upgrades in a timely manner
- Signatures in a timely manger (like virus)
- Excellent documentation
- Excellent training
- More than only one expert person on staff (don't be fooled with lower-level people)
For more info on this topic, visit these SearchSecurity.com resources: