• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 592
  • Last Modified:

intrusion detection monitoring

We have a client who currently spends 4k per month with alert logic for monitoring and intrusion detection. We want to help minimize this cost with a similar solution. Can anyone suggest a similar product or solution? We would ideally like to put our own equipment in, and have it send us alerts when necessary.

Any thoughts?
1 Solution
There are many options.  We currently are running a Tipping Point (From HP) IPS/IDS device at our primary site as well as having an IPS module in our Cisco router.at our DR site
Also worth a look Tripwire, and there is a free, if older variant, also on the free front have a look at AIDE.

On the monitoring front, if your also after general network / traffic stat's, then there are numerous solutions: nagios, CA-Agentless (IP mirror), Cacti, Smokeping, IBM tivloi.....
Try snort / ossec.
skyadminAuthor Commented:
Thanks for the input guys, I forgot to mention they need to be PCI compliant, do these solutions offer this?
None of the solutions on their own will get you through a PCI-DSS audit, as they obviously can't: Produce an incident handling / resolution plan, harden your servers themselves, perform background checks on staff, stop credentials being shared, physically restrict access to the server, stop an application persisting card detail or security codes, enforce multi factor authentication on the servers, or remove unnecessary services / utilities from them....

But I have used: Tripwire, CA-Agentless, F5-BigIP and several other toys in combination, at one multi billion on-line set-up, to tick a number of the monitoring and access limitation boxes. The commercial version of Tripwire does a spot audit of your servers / devices and provide a list of hardening recommendations, as well as the ability to alert on a configuration change, so a good starting point.

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now