intrusion detection monitoring

Posted on 2012-09-07
Last Modified: 2013-12-06
We have a client who currently spends 4k per month with Alert Logic for monitoring and intrusion detection. We want to help minimize this cost with a similar solution. Can anyone suggest a similar product or solution? We would ideally like to put our own equipment in and have it send us alerts when necessary.

Any thoughts?
Question by:skyadmin
    LVL 25

    Expert Comment

    There are many options. We currently are running a Tipping Point (from HP) IPS/IDS device at our primary site, as well as having an IPS module in our Cisco at our DR site.
    LVL 26

    Expert Comment

    Also worth a look: Tripwire, and there is a free, if older, variant. Also on the free front, have a look at AIDE.

    On the monitoring front, if you're also after general network / traffic stats, then there are numerous solutions: Nagios, CA-Agentless (IP mirror), Cacti, Smokeping, IBM Tivoli...
    LVL 7

    Expert Comment

    Try snort / ossec.

    Author Comment

    Thanks for the input, guys. I forgot to mention they need to be PCI compliant; do these solutions offer this?
    LVL 26

    Accepted Solution

    None of the solutions on their own will get you through a PCI-DSS audit, as they obviously can't: produce an incident handling / resolution plan, harden your servers themselves, perform background checks on staff, stop credentials being shared, physically restrict access to the server, stop an application persisting card details or security codes, enforce multi-factor authentication on the servers, or remove unnecessary services / utilities from them...

    But I have used Tripwire, CA-Agentless, F5 BIG-IP and several other toys in combination, at one multi-billion on-line set-up, to tick a number of the monitoring and access limitation boxes. The commercial version of Tripwire does a spot audit of your servers / devices and provides a list of hardening recommendations, as well as the ability to alert on a configuration change, so it is a good starting point.
