ids/ips solution for small business

Can you someone recommend an IDS/IPS solution for small business? They can't afford a expensive solution. We want to be able to protect and the monitor layer 7.


thanks
officertangoAsked:
Who is Participating?
 
dhblaneConnect With a Mentor Commented:
You should take a look at snort.

Snort is free open source software and when combined with a front-end like Snorby extremely easy to monitor.  Rules for snort are regularly updated and you can get a lot of additional ones from a variety of feeds, bleeding snort is particularly good.
0
 
Rich RumbleConnect With a Mentor Security SamuraiCommented:
I assume you want to cover layers 3-7, Suricata, Snort or Bro IDS's are all very good at monitoring. You can use those three in an inline mode as an IPS to block, or use SnortSam to update firewall rules to block based on what the IDS's are reporting. All three above are free but have many offerings to help impliment, tune and even manage. IDS's are prone to false positives, and none work for everyone right out of the box, they all need tuned to your environment.
Some organizations use Snort/Suricata/Bro on the inside of the network to see if threats make it in, or are going out and then worry about tracking down a false positive or false negative. Installing an IDS on the outside, there are a lot of false positives that happen on the internet that will send your IDS into a tizzy.
-rich
0
 
officertangoAuthor Commented:
does SnortSam works with juniper firewall, ssg5?
0
 
Rich RumbleSecurity SamuraiCommented:
Says they do: http://www.snortsam.net/
I don't have any myself so I'm not certain, but it is a good application.
-rich
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.