G+_Gregg Ordon Posted September 28, 2016
Does anyone have any experience with IDS (Intrusion Detection Software)? I run an IT company and I am looking into implementing some of these solutions for our SMBs in order to monitor networks more efficiently and understand where a threat can be coming from. Thanks in advance.

G+_Travis Hershberger Posted September 28, 2016
I've been using AlienVault's OSSIM (FOSS product). It works well, but you really do need to deploy the agent to get it working how it should. After that tho, it just works.

G+_Scott Snodgrass Posted September 28, 2016
I actually looked into IDS some the other day. I've heard good things about Snort.

G+_David Wiggins Posted September 28, 2016
I've been using SNORT on my pfSense installs for a while now. They have various tiers of rule/signature updates, including a decent free one. It takes a bit of time to dial in to recognise and cut back on false positives, but once done, is amazing. Security Onion is also a good analysis tool. I'm working on exporting my SNORT data to that for further analysis. My goal is to use a single SO dashboard to monitor several pfS instances. Also there is Suricata. It has a large following (and is Security Onion supported, I believe), but I haven't used it as of yet.