12 top IDS/IPS tools

An intrusion detection or prevention system can mean the difference between a safe network and a nasty breach. We've rounded up some of the best and most popular IDS/IPS products on the market.

An intrusion detection system (IDS) is a longtime staple of IT security; it's a software application or physical appliance that monitors networks, hosts, or both for signs that an intruder has broken into your IT infrastructure. Many such tools integrate the capability to not only detect such attacks but automatically fight back against them, which puts them into the related category of intrusion prevention systems (IPS).

IDS/IPS has long been seen as making up a distinct market, and many are available as standalone products. However, security vendors are increasingly eager to wrap a number of security tools into "platforms" or other similarly unified offerings. Sometimes they'll sell products or services with an IPS at the core and other bells and whistles added on.

We've broken down 12 of the most popular IPS and IDS tools out there. Some stand on their own while some are just a part of a broader system, and we've explained where each tool falls on that divide. We've even included a couple of longstanding and beloved open source tools on the list, since these are still widely used at enterprises of varying sizes by IT pros who know them well.

One thing to keep in mind: As with most enterprise software, these offerings don't have a simple price tag attached, since vendors work with VARs and often give discounts to longstanding customers. Many also come in models or tiers with a range of processing capacities. We have offered pricing guidance where such information is public, or where vendors were willing to share it with us.

1. Cisco NGIPS

Cisco's Next Generation Intrusion Prevention System (NGIPS) is part of the networking giant's overall security offering, which is grouped together under the Firepower brand. Cisco promises visibility into security data via the centralized Firepower Management Center, and NGIPS can also integrate with other Cisco security tools. The policy rules and threat signatures NGIPS uses to detect and prevent intrusions are updated every two hours. NGIPS can run on a Cisco appliance or a VMware instance, and can be positioned flexibly within your network.
